On 5/25/07, Edward Kay <[EMAIL PROTECTED]> wrote:


> -----Original Message-----
> From: Tijnema [mailto:[EMAIL PROTECTED]
> Sent: 25 May 2007 15:00
> To: tedd
> Cc: Kevin Murphy; Stephen; php
> Subject: Re: [PHP] Include file questions
>
>
> On 5/25/07, tedd <[EMAIL PROTECTED]> wrote:
> > At 1:55 PM -0700 5/23/07, Kevin Murphy wrote:
> > >.inc files have a disadvantage in that if you view the file:
> > >
> > >http://www.yoursite.com/file.inc
> > >
> > >you can see the php code. I prefer not to use those just on the off
> > >chance that someone can see my code and use that as the basis for
> > >figuring out a way to exploit it (especially true of password files,
> > >etc).
> > >
> > >--
> > >Kevin Murphy
> >
> > And the other side of that coin is if you have your files ending with
> > .php, then they can be called/run directly and do things you may not
> > want done.
> >
> > That's a good reason to use some sort of token protection in your
> > include php files so that they cannot be run directly.
> >
> > Cheers,
> >
> > tedd
>
> It's just the way you write script, my included files contain only
> functions & variables, no executing code. 99% I have a class around
> it.
> If you write it like that, then there's no problem with executing the
> included file directly, as it loads the class but doesn't do anything
> with it :)
>
> Tijnema
>

Why are your include files in your web root in the first place? Move them
elsewhere on your filesystem and then it's not even possible to access them
via the web.

Edward

Oh, I don't want my web files all over the filesystem, I want to keep
all files for a single project inside a single folder on my webserver.
So that if I move them around, I have all files there.

Tijnema

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
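
The two suggestions in this thread, a token check in include files and keeping them out of the web root, sketched together with the project still in one folder. This is an added example, not code from any poster; the directory layout, the file names and the APP_ENTRY constant are assumptions, and the CLI runs stand in for web requests.

```php
<?php
// Added example. Builds a throwaway project in the temp dir (all names constructed):
//   project/public/index.php  <- only this directory is the web server's document root
//   project/includes/db.php   <- same project folder, but has no URL
$project = sys_get_temp_dir() . '/include_demo_' . bin2hex(random_bytes(4));
mkdir("$project/public", 0700, true);
mkdir("$project/includes", 0700, true);

// Include file: stops unless the entry script defined the token first.
file_put_contents("$project/includes/db.php", <<<'SRC'
<?php
if (!defined('APP_ENTRY')) {   // token check; the constant name is an assumption
    http_response_code(404);
    exit;
}
function db_settings(): array {
    return ['host' => 'localhost', 'user' => 'app'];  // constructed sample values
}
SRC);

// Entry script: defines the token, then includes by a path built from __DIR__,
// so the include resolves regardless of the current working directory.
file_put_contents("$project/public/index.php", <<<'SRC'
<?php
define('APP_ENTRY', true);
require dirname(__DIR__) . '/includes/db.php';
echo 'host=' . db_settings()['host'], PHP_EOL;
SRC);

// Execute a file on its own, as a direct request to that file would.
function run_php(string $file): string {
    return (string) shell_exec(escapeshellarg(PHP_BINARY) . ' ' . escapeshellarg($file));
}
echo 'through index.php:    ', trim(run_php("$project/public/index.php")), PHP_EOL;
$direct = run_php("$project/includes/db.php");
echo 'include run directly: ', $direct === '' ? '(no output)' : $direct, PHP_EOL;

// Confirm the include file does not live under the document root.
$docroot = realpath("$project/public") . DIRECTORY_SEPARATOR;
$inside  = str_starts_with(realpath("$project/includes/db.php"), $docroot);
echo 'include inside docroot: ', $inside ? 'yes' : 'no', PHP_EOL;

// Remove the throwaway files.
array_map('unlink', ["$project/public/index.php", "$project/includes/db.php"]);
array_map('rmdir', ["$project/public", "$project/includes", $project]);
```

Requires PHP 8 for str_starts_with(). On a real server the document root would be pointed at the public directory only.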
