On Wed, 8 Aug 2001 12:03:34 -0600
"Johnson, Kirk" <[EMAIL PROTECTED]> wrote:
> > If I have a file called db.inc with, for example, this:
> >
> > However, any user on the system can read db.inc cause its
> > chmod'd 0644.
> > If I chmod db.inc 0600 or even 0640, index.php can not include it.
> >
> > How do I go about protecting my files from being read by
> > users on the system?
>
> Below is how Rasmus recommends this be handled.
>
> Kirk
>
> The right way to fix this is to add a rule to your Apache configuration
> that looks like this:
>
> <Files ~ "\.inc$">
> Order allow,deny
> Deny from all
> </Files>
>
> That will simply prevent any direct access at all to your .inc files.
> Making the .inc files simply be parsed by PHP could still be a problem as
> they could be called out of context.
>
> -Rasmus
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
This is not what I was asking...
I mean a user on the local system
cd /home/david/webpage/include
cat db.inc
he can read my db.inc.
- David
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
