Posted by Ewoud Dronkert on 12/30/05 14:02

Josse Barrera wrote:
> i). Is it possible to have your "header" files (i.e. class
> implementation source code) stored in a directory location that is
> hidden in some way - the main goal is to thwart any hacker who may
> simply look at your include() method calls, casually navigate to the
> appropriate directories and peruse your source code at his/her leisure.

Yes, it's possible to store them in any directory for which your PHP
instance has read access (on the same local filesystem), for example a
directory in your homedir alongside public_html. PHP header or include
files are often called .inc or .inc.php. If your webserver is not
configured to treat .inc files the same as .php files, then naming them
..inc.php at least conceals the source of the file when requested directly
because that way they are parsed as php files. Whenever concealment is not
critical and include files are kept in the same dir as the php scripts, I
often prepend inc_ to their name for easier sorting (because they have the
same final extension .php).

--
E. Dronkert

[Back to original message]