|
|
Posted by John Nichel on 06/01/05 16:42
Leif Gregory wrote:
> Hello Martin,
>
> Sunday, May 29, 2005, 9:24:00 PM, you wrote:
> M> I saw files like "file.inc.php" and "file.inc"
> M> What is the *.inc suffix good for ?
>
> It's good for a lot of trouble if the webserver hasn't been set up to
> parse .inc files as PHP. If it hasn't then someone can request that
> file in a broswer and see the code.
PHP will parse the file when called via include() or require(), no
matter the extension and how the web server is configured. Now if a
user tries to access the file directly, then the webserver comes into
play....but one would think that you don't want include files accessed
directly anyway. Best ways to do this is to put them outside of
document root, give them a unique extension (like .inc or .inc.php) that
you can filter out in Apache, and put some 'security measure' in the
file itself (like checking to see if a constant is set).
--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
john@kegworks.com
[Back to original message]
|