> Hello,
>
> I just noticed something very concerning and hope someone has some
> answers...
>
> I'm running php 4.2.3 under W2k IIS as a .dll.
>
> I have a directory set up with no anonymous access to it and
> security set to
> "Integrated Windows Authentication".
>
> If I try to load the page directly from the browser
> "/my_site/my_secure_directory/password_protected_file.php" I get the
> password dialog from Windows asking me to log in.
>
> On the other hand:
>
> If I require the file from a non-protected file; say "/index.php" has the
> line:
> "require('/my_site/my_secure_directory/password_protected_file.php');" in
> it, I'm not asked for a password and the page is included in the output.
>
> Is there something I'm missing here, or is this a bug?It's not a bug - just a mis-understanding of what the authentication mechanism is for... The directory security you have set is for users trying to access your files via HTTP (the web), whereas require is a tool for the developer to easily re-use code, accessing the files directly from disk rather than via HTTP. HTH, Mikey <-- Insert stream of consciousness here! -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
