At 01:12 PM 4/23/2001, Toby Miller wrote:
personally i deny all access to my .inc files. with this Apache config...
works really good :-)
in httpd.conf
# The following prevents .inc file from being read by web clients
<Files ~ ".inc">
Order allow,deny
Deny from all
</Files>
~kurth
>Jordan,
>
>Not true. If you make your PHP includes look like this:
>
>include("$DOCUMENT_ROOT/includes/header.inc");
>
>Then you can make your image calls with an absolute URL like this:
>
><img src="/images/image.gif" width="10" height="10" border="0">
>
>Also, it's not a good idea to use the .inc extension unless you've
>associated it with PHP. The reason is if I type the URL directly to
>/includes/header.inc I will get the source code for that file in text
>format. However, if you named it header.inc.php it will still follow an
>intelligent naming convention, but will still get interpreted if someone
>tries to access it directly. This will most likely result in an error or
>will just display a blank page depending on what your header file does.
>Either way it doesn't open your source code up to anonymous users. This is
>why Martin is suggesting you to store your include files outside of the root
>web directory so people can't directly access your source code. So either do
>what I've suggested or do what Martin suggested, but it is definitely worth
>the effort to do one of the two.
>
>--Toby
>
>
>----- Original Message -----
>From: "Jordan Elver" <[EMAIL PROTECTED]>
>To: "Ben Cairns" <[EMAIL PROTECTED]>
>Cc: "PHP General Mailing List" <[EMAIL PROTECTED]>
>Sent: Monday, April 23, 2001 11:28 AM
>Subject: Re: [PHP] Site Structure
>
>
> > Hi,
> > Thanks for the reply. I can do that but then the images will not be in the
> > correct location?
> >
> > Jordan
> >
> > On Monday 23 April 2001 15:58, you wrote:
> > > give the include() function a complete path:
> > >
> > > include '/apache/htdocs/include/yourfile.inc.php';
> > >
> > >
> > > -- Ben Cairns - Head Of Technical Operations
> > > intasept.COM
> > > Tel: 01332 365333
> > > Fax: 01332 346010
> > > E-Mail: [EMAIL PROTECTED]
> > > Web: http://www.intasept.com
> > >
> > > "MAKING sense of
> > > the INFORMATION
> > > TECHNOLOGY age
> > > @ WORK......"
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
