On Friday 26 May 2006 14:56, Matt Carlson wrote: > One note on include files. Usually it's "best practice" to not name them > .inc > > Name them .inc.php so that they cannot be opened by a webbrowser, thus > giving more information to a potential attacker.
Is this still a concern when all include files are stored outside the webroot (and thus in theory not directly accessible) anyway? > Just my $.02 And much appreciated it is too - I'd *far* rather have too much advice than not enough - especially where security is concerned. Mark -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
