Re: [PHP] securing an 'includes' dir

2002-07-02 Thread Richard Lynch
>>> "Justin French" <[EMAIL PROTECTED]> wrote in message >>> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... 1. Name all included files .inc >>> >>> If you name them *.php then put anything in them inside a function, then >>> when the user browses to that file he/she won't see anything at all.

Re: [PHP] securing an 'includes' dir

2002-07-02 Thread Jason Wong
On Tuesday 02 July 2002 18:02, Justin French wrote: > on 02/07/02 5:41 PM, Richard Lynch ([EMAIL PROTECTED]) wrote: > >> "Justin French" <[EMAIL PROTECTED]> wrote in message > >> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > >> > >>> 1. Name all included files .inc > >> > >> If you name them *.ph

Re: [PHP] securing an 'includes' dir

2002-07-02 Thread Justin French
on 02/07/02 5:41 PM, Richard Lynch ([EMAIL PROTECTED]) wrote: >> "Justin French" <[EMAIL PROTECTED]> wrote in message >> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >>> 1. Name all included files .inc >> >> If you name them *.php then put anything in them inside a function, then >> when the use

Re: [PHP] securing an 'includes' dir

2002-07-02 Thread Richard Lynch
>"Justin French" <[EMAIL PROTECTED]> wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >> 1. Name all included files .inc > >If you name them *.php then put anything in them inside a function, then >when the user browses to that file he/she won't see anything at all. You've alrea

Re: [PHP] securing an 'includes' dir

2002-06-30 Thread Steve Yates
"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Steve Yates wrote: > >If you name them *.php then put anything in them inside a function, then > >when the user browses to that file he/she won't see anything at all. > > > I think this is a very p

Re: [PHP] securing an 'includes' dir

2002-06-30 Thread Chris Shiflett
Steve Yates wrote: >"Justin French" <[EMAIL PROTECTED]> wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > >>1. Name all included files .inc >> >> >If you name them *.php then put anything in them inside a function, then >when the user browses to that file he/she won't see a

Re: [PHP] securing an 'includes' dir

2002-06-30 Thread Steve Yates
"Justin French" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > 1. Name all included files .inc If you name them *.php then put anything in them inside a function, then when the user browses to that file he/she won't see anything at all. - Steve Yates -

Re: [PHP] securing an 'includes' dir

2002-06-28 Thread Erik Price
On Friday, June 28, 2002, at 04:25 AM, Nick Wilson wrote: > How might I make an 'includes' dir inside the http root and stop users > being able to browse it? chmod go-rwx dirname But this will probably stop the web server from reading the file. Perhaps the administrators can provide a script

Re: [PHP] securing an 'includes' dir

2002-06-28 Thread Jason Wong
On Friday 28 June 2002 16:40, Nick Wilson wrote: > * and then Jason Wong declared > > > If using Apache, you would set a directive to deny all access to that > > directory. > > Gotcha. Can you domonstrate? Deny from All Remember this is only safe from browsers. PHP itself can still ac

Re: [PHP] securing an 'includes' dir

2002-06-28 Thread Dan Hardiker
> 1. Name all included files .inc I do this for many reasons, but mainly > to help me know which are executables, and which are includes. It also > helps with step 3. Just for an added layer of security (incase step 3 isnt effective due to mis-configuration or what have you), name them .inc.php

Re: [PHP] securing an 'includes' dir

2002-06-28 Thread Justin French
Assuming you have Apache/Unix (don't know about any other set-ups), I do the following. 1. Name all included files .inc I do this for many reasons, but mainly to help me know which are executables, and which are includes. It also helps with step 3. 2. I always keep them in a separate dir to the

Re: [PHP] securing an 'includes' dir

2002-06-28 Thread Nick Wilson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 * and then Jason Wong declared > If using Apache, you would set a directive to deny all access to that > directory. Gotcha. Can you domonstrate? Cheers... - -- Nick Wilson // www.explodingnet.com -BEGIN PGP SIGNATURE- Version:

RE: [PHP] securing an 'includes' dir

2002-06-28 Thread Brian McGarvie
and using IIS use windows security > -Original Message- > From: Jason Wong [mailto:[EMAIL PROTECTED]] > Sent: 28 June 2002 9:31 AM > To: [EMAIL PROTECTED] > Subject: Re: [PHP] securing an 'includes' dir > > > On Friday 28 June 2002 16:25, Nick Wilson

Re: [PHP] securing an 'includes' dir

2002-06-28 Thread Jason Wong
On Friday 28 June 2002 16:25, Nick Wilson wrote: > Hi all > I'm setting up a site for a client and his host refuses to create (or > allow me to) a directory outside of the http root. > > How might I make an 'includes' dir inside the http root and stop users > being able to browse it? If using Apa

[PHP] securing an 'includes' dir

2002-06-28 Thread Nick Wilson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all I'm setting up a site for a client and his host refuses to create (or allow me to) a directory outside of the http root. How might I make an 'includes' dir inside the http root and stop users being able to browse it? Many thanks - -- Nick Wi