> But, someone can probably download your include files (if > they know the name). A more secure way is to name the files > with a "#" at the beginning and then browsers will not be > able to download them, plus you will get back your syntax > highlighting. For example, if you have a file called > include.inc and you invoke it with > > <cfinclude template="include.inc"> > > Just change the file to #include.cfm and invoke it with > > <cfinclude template="##include.cfm">
There are a couple of points worth noting here. First of all, if the web server is properly configured, the web server won't be able to return those files. Second, there are ways to fetch files no matter what character you use in the file name, unless the web server is configured to prevent this. Finally, I'd recommend that you simply not put files in the web root unless you intend those files to be accessible directly through the web server. This final suggestion is pretty easy to approach. Here's an example: \app_directory\ \app_directory\modules\ \app_directory\web_root\ Place the appropriate files in the web_root directory. Place files only used as includes and custom tags in the modules directory. A variation on this is what we use in our standard directory structure. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
