CAPS
>How can I protect my php files among other files like templates >(.inc) and mysql config (config.inc) files being copied/read/imported >(front page)/used by other applications other than my site... >can this be done by htaccess? is so , could anyone point me into right >direction? I have renamed my sensitive (those containing l/p for mail and mysql) files to .php and constructed them to render a blank page if ever directly called. Something like this: <? All the sensitive code $db_login = "user"; $db_pwd = "password"; $mail_login = "mail"; $mail_pwd = "pass"; ?> <html><head></head><body></body></html> NO NEED TO PUT THE HTML TAGS IN.. I do not think that -r to everyone would work in that Apache still needs to read the file when included by another script. Still looking for a better way. What concerns me the most is if a code disclosure bug is later discovered in 4.3.0 or another version. I WOULDNT WORRY TOO MUCH - THIS IS PRETTY BASIC. BTW: IF YOU PROTECT FILES WITH HTACCESS AND YOU NEED TO INCLUDE SOME OF THEM TO SERVE PAGES (IE: CONNECT TO DB,ETC) THEN THE USER WILL BE PROMPTED FOR A PASSWORD. YOU WONT WANT THIS. Bryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php