On Fri, 2007-05-25 at 16:00 +0200, Tijnema wrote:
> On 5/25/07, tedd <[EMAIL PROTECTED]> wrote:
> > At 1:55 PM -0700 5/23/07, Kevin Murphy wrote:
> > >.inc files have a disadvantage in that if you view the file:
> > >
> > >http://www.yoursite.com/file.inc
> > >
> > >you can see the php code. I prefer not to use those just on the off
> > >chance that someone can see my code and use that as the basis for
> > >figuring out a way to exploit it (especially true of password files,
> > >etc).
> > >
> > >--
> > >Kevin Murphy
> >
> > And the other side of that coin is if you have your files ending with
> > .php, then they can be called/run directly and do things you may not
> > want done.
> >
> > That's a good reason to use some sort of token protection in your
> > include php files so that they cannot be run directly.
> >
> > Cheers,
> >
> > tedd
> 
> It's just the way you write script, my included files contain only
> functions & variables, no executing code. 99% I have a class around
> it.
> If you write it like that, then there's no problem with executing the
> included file directly, as it loads the class but doesn't do anything
> with it :)
> 
> Tijnema

Yep, same with me. Only runnable code is in the config file that gets
run every page anyways and in the pages that get requested themselves.
At any rate, anything that shouldn't be requested is outside the web
tree.

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
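The two defences discussed in this thread (tedd's token check at the top of an include, and Tijnema's and Rob's habit of keeping includes declaration-only and outside the web tree) combined in one illustration. This is an added example, not code from the thread or from InterJinn; the file names `lib/db.php` and `public/index.php`, the `APP_ENTRY` constant and the `Db` class are assumptions, and the two files are shown in a single block for readability.

```php
<?php
// ---- lib/db.php : an include file kept OUTSIDE the document root ----
// Added example (not the thread's own code). The APP_ENTRY constant is an
// assumed name for the "token" tedd describes: a real entry point defines it
// before requiring this file; a direct web request never can.
if (!defined('APP_ENTRY')) {
    // Direct request to this file (if it ever ends up under the web tree):
    // send nothing useful back and stop before any code below runs.
    http_response_code(403);
    exit('Direct access not permitted');
}

// Declaration-only, as Tijnema suggests: loading this file defines a class and
// nothing else, so even without the token check there is no side effect.
final class Db
{
    private static ?PDO $pdo = null;

    public static function connect(string $dsn, string $user = '', string $pass = ''): PDO
    {
        if (self::$pdo === null) {
            self::$pdo = new PDO($dsn, $user, $pass, [
                PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES   => false,
            ]);
        }
        return self::$pdo;
    }
}

// ---- public/index.php : the only file the web server should execute ----
// Assumed layout:  /var/www/app/public  (DocumentRoot)
//                  /var/www/app/lib     (never reachable by URL)
define('APP_ENTRY', true);                    // set the token first ...
require __DIR__ . '/../lib/db.php';           // ... then pull in the include

$pdo  = Db::connect('sqlite::memory:');       // constructed, in-memory DB for the demo
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
$stmt->execute([':name' => 'alice']);

echo htmlspecialchars(
    (string) $pdo->query('SELECT name FROM users WHERE id = 1')->fetchColumn(),
    ENT_QUOTES,
    'UTF-8'
), "\n";                                      // prints: alice
```

The token check is a second line of defence: the primary one is the directory layout, since a file that is not under `DocumentRoot` cannot be requested at all, whatever its extension. The check only matters for includes that must live inside the web tree, and it has to be the first statement in the file, before any code that could produce output or side effects.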