--- Jacob Copsey <[EMAIL PROTECTED]> wrote:
> I agree these are good solutions and I have considered
> them. However, I am looking for an all-inclusive
> solution that is code only within PHP that allows the
> admin of the application to copy the files to their
> server and not need to do any server specific 
> configuration.

This places a large restriction on your ability to provide
the best solution. However, there are still a couple of
things you might consider, though I'm not sure if you will
be fond of them:

1. Force those who install your software to place include
files outside of document root. I know a few applications
that check this and will output an error with a brief
description of the security hazard if the include files are
found to be under document root. This way, you can be
assured that by the time people get your application to
work, the include files will no longer be under document
root. A similar notion is to combine this with a Web-based
installation program, where your application relocates the
include files during installation.

2. If your users are using Apache, you can include a
.htaccess file in the top-level directory of your
application that denies access to *.inc files.

Maybe something like that will work for you.

Chris

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
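
Suggestion 1 above, as an added example that is not part of the original message or of any application mentioned in it: a startup check that refuses to run while the include directory resolves to a path under document root. The function names and the demo directory layout are assumptions.

```php
<?php
// Added example (not from the original post); all names are hypothetical.

/** True when $dir resolves to a location at or below $docRoot. */
function is_under_document_root(string $dir, string $docRoot): bool
{
    $dir  = realpath($dir);      // resolves symlinks and ".." segments
    $root = realpath($docRoot);
    if ($dir === false || $root === false) {
        throw new RuntimeException('Cannot resolve include directory or document root');
    }
    if (DIRECTORY_SEPARATOR === '\\') {   // Windows paths compare case-insensitively
        $dir  = strtolower($dir);
        $root = strtolower($root);
    }
    // Compare with a trailing separator so /srv/htdocs-inc is not mistaken
    // for a child of /srv/htdocs.
    $dir  = rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($dir, $root, strlen($root)) === 0;
}

/** Startup guard: stop with an explanation if include files are web-reachable. */
function require_private_includes(string $includeDir, string $docRoot): void
{
    if (is_under_document_root($includeDir, $docRoot)) {
        exit("Setup error: the include directory is inside the document root, so "
           . "the web server may serve its files as plain text. Move it outside "
           . "the document root and update the configured path.\n");
    }
}

// Constructed demo layout under the system temp directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'incdemo_' . getmypid();
foreach (['htdocs/inc', 'htdocs-inc', 'private/inc'] as $d) {
    mkdir("$base/$d", 0700, true);
}
foreach (['htdocs/inc', 'htdocs-inc', 'private/inc'] as $d) {
    $exposed = is_under_document_root("$base/$d", "$base/htdocs");
    printf("%-12s %s\n", $d, $exposed ? 'UNDER document root' : 'outside document root');
}
// In the application itself (paths are assumptions):
// require_private_includes(__DIR__ . '/../app-inc', $_SERVER['DOCUMENT_ROOT']);
```

The check relies on `realpath()`, so a symlink placed under document root that points at the include directory is not detected by it.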
