|
|
Posted by Matthew Weier O'Phinney on 06/13/05 19:43
* "I. Gray" <phpsupport@selectperformers.com>:
> Is there a big difference between me including a file by putting the url
> in the include() such as
> include("http://www.examplesite.com/examplefile.php) and putting the
> server path such as
> include("number/www.examplesite.com/public_html/examplefile.php") ?
>
> I want to get into good habits you see.
>
> I assume I have to use the first example when the file is on a different
> server.
From a security standpoint, you usually only want to include and/or
require files that are on your local system (your second example),
unless under unusual circumstances (content sharing agreements with
other sites, etc). Ideally, unless you want access to those scripts
directly (i.e., http://www.examplesite.com/examplefile.php), you should
place them somewhere in your include_path, which should be _outside_ the
web server's document root. This prevents idle hacking attempts, and is
generally considered a best practice.
Additionally, using a network stream (which is what you're using when
you specify 'http://') means that you've got additional performance
overhead. Network streams are often more costly, resource wise, than
file streams, and if the file truly is on a remote network, you then
have to wait for that transaction to finish before continuing with your
own processing. If you need to pull content off another server, but that
content does not change often, you would be wise to have a background
process running that pulls this content and caches it for use in your
scripts.
--
Matthew Weier O'Phinney | WEBSITES:
Webmaster and IT Specialist | http://www.garden.org
National Gardening Association | http://www.kidsgardening.com
802-863-5251 x156 | http://nationalgardenmonth.org
mailto:matthew@garden.org | http://vermontbotanical.org
Navigation:
[Reply to this message]
|