Posted by "Denis Gerasimov" on 06/01/05 11:29
>
>
> <Files ~ "\.inc$">
> Order allow,deny
> Deny from all
> </Files>
>
> Without this rule people would be able to access the .inc file directly
> and since PHP won't parse it, the raw source code would be visible which
> could be a security problem. If you prevent this simply by putting .php
> onto the end of your include files, you could have a different security
> problem in that files designed to be included could be run out of their
> include context and could potentially do something unexpected.
I do not agree.
First, this works the same way:
<Files ~ "\.inc\..*$">
Order allow,deny
Deny from all
</Files>
Second, how do you distinguish PHP .inc files from HTML .inc files?
Many programs can't either... IMHO it is very inconvenient.
Third, I always write context-independent include files.
Objections?
Thank you.
Best regards,
Denis Gerasimov,
Chief Developer, VEKOS Ltd.
www.vekos.ru
>
> -Rasmus
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
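
Added example, not part of either message: a Python check of what a direct request returns under each of the two <Files ~ "..."> patterns quoted above. The sample file names and the assumption that only names ending in .php reach the PHP handler are constructed for illustration.

```python
import re

# Patterns copied verbatim from the two <Files ~ "..."> blocks in the thread.
RULES = {
    "quoted": re.compile(r"\.inc$"),       # rule in the quoted message
    "reply": re.compile(r"\.inc\..*$"),    # rule proposed in the reply
}

# Assumption (not stated in the thread): only names ending in .php are
# handed to the PHP handler; everything else is sent as a static file.
PHP_HANDLER = re.compile(r"\.php$")


def classify(path, rule):
    """Outcome of a direct HTTP request for `path` with one rule active."""
    # <Files> tests the base name only, and "~" makes it an unanchored
    # regex search (assumed case-sensitive, as on a Unix host).
    basename = path.rsplit("/", 1)[-1]
    if RULES[rule].search(basename):
        return "denied"
    if PHP_HANDLER.search(basename):
        return "executed"    # PHP runs it outside its include context
    return "served raw"      # source text is returned to the client


def exposed(paths, rule):
    """Include-style files that the given rule leaves reachable."""
    looks_like_include = re.compile(r"\.inc(\.|$)", re.IGNORECASE)
    return {
        p: classify(p, rule)
        for p in paths
        if looks_like_include.search(p) and classify(p, rule) != "denied"
    }


# Constructed sample names, not taken from the thread.
SAMPLES = ["db.inc", "db.inc.php", "db.inc.php.bak", "lib/menu.INC", "index.php"]

if __name__ == "__main__":
    for rule in RULES:
        print(rule, exposed(SAMPLES, rule))
```

Neither pattern covers both naming schemes on its own, so a site that mixes .inc and .inc.php files needs both rules or a single pattern that matches both.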