Posted by Michael Fesser on 11/02/07 19:26
..oO(Tom)
>I think some of the concern is that PHP files get configured to be parsed by the
>server before being sent to the user. If you have .inc files, those probably get
>delivered as plain text with all your code viewable.

I would never rely on that for security. All it takes is a little
misconfiguration or maybe a broken server update and even .php files may be
spit out as plain text.

Some weeks ago there was a poster who wrote about a problem with his
server, which occasionally delivered his scripts as plain text, while
most of the time they were parsed correctly ... strange, but it may
happen.

Storing such files outside the document root is the way to go if the
host allows it (every good one does). It's the most secure way.

Micha