3) Block downloads on .inc files, like using a <Files> directive in httpd.conf or a .htaccess file in apache. (Or whatever on another web server.) Now, even if a user tries to view that file, it won't execute at all, thus perhaps saving you some memory and clock cycles. (And it's generally more secure than treating them as php files since the includes might do something to, say, a database that you don't want them to do unless they're included into a valid php file request.)
J Jason Wong wrote: > > There are two ways to counter this: > > 1) have the .inc files in a directory outside the scope of the webserver > directory. > > 2) set the webserver to treat .inc files as php files. > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
