> On Friday, April 19, 2002, at 07:22 AM, .ben wrote: > > > i'm not sure if the same rules apply to PHP but with ASP I make all my > > includes contain only functions and constants, no free mark-up, and then > > save them as .inc.asp so if requested directly they return an empty > > script. > > Until the ASP processor craps out. Or if you had any scripts in such > format they would be executed -- which might not be desirable.
ASP what does what? I've never experienced anything like that... what do you mean? Confused. > Much better to keep includefiles outside of document root or set a > directive with your web server to deny requests for those files > somehow. In Apache it's as easy as > > <Files ~ "\.inc$"> > Order allow,deny > Deny from all > </Files> > > Not sure about IIS though. Not sure if you can do that in IIS, but the method i describe works fine. Keeping includes out of the document root leads to messy webservers ime, tho, i have worked with a messy bunch of SysAdmins in the past :) .b -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
