Just something that crossed my mind a few times. What if another website includes this file in their own php page. That site can't access those variables can they? (I'm sure PHP wouldn't allow that but I need to put this curiousity to rest)
Nate "Bryan Lipscy" <[EMAIL PROTECTED]> wrote in message 005301c2d6dd$47a11250$6301a8c0@ukiuki">news:005301c2d6dd$47a11250$6301a8c0@ukiuki... > > >How can I protect my php files among other files like templates > >(.inc) and mysql config (config.inc) files being copied/read/imported > >(front page)/used by other applications other than my site... > >can this be done by htaccess? is so , could anyone point me into right > >direction? > > > I have renamed my sensitive (those containing l/p for mail and mysql) > files to .php and constructed them to render a blank page if ever > directly called. > > Something like this: > <? > All the sensitive code > $db_login = "user"; > $db_pwd = "password"; > $mail_login = "mail"; > $mail_pwd = "pass"; > ?> > > <html><head></head><body></body></html> > > > I do not think that -r to everyone would work in that Apache still needs > to read the file when included by another script. > > Still looking for a better way. What concerns me the most is if a code > disclosure bug is later discovered in 4.3.0 or another version. > > Bryan > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
