Reply to Re: Parsing a php include (which also contains php code) - or "Reparsing" the php file — All PHP

Posted by Michael Fesser on 06/22/07 01:05

..oO(J.O. Aho)

>It's true, the file extension don't matter when you include files in a php
>file, but by default a *.inc file won't be parsed if it's directly accessed
>
>example: http://www.example.net/myincludefile.inc
>
>This can be a security issue if you store database login/passwords in a *.inc
>file, which you should avoid to use any other extention than *.php, which will
>be parsed on a php enabled server.

Of course these files should be stored outside the document root.

Even a .php extension is no guarantee that no visitors will ever be able
to view that file. A server update, a misconfiguration, whatever --
there are some situations where even a .php file could be delivered
unparsed.

Micha

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация