Martin Zvarik wrote:
> Hi,
> I saw files like "file.inc.php" and "file.inc"
>
> What is the *.inc suffix good for ?
I don't see the point in file.inc.php, but file.inc is something I use
all the time to indicate that a file is designed to be included and not
accessed directly. Then I have an Apache config rule that prevents
direct access to the file which looks like this:
<Files ~ "\.inc$">
Order allow,deny
Deny from all
</Files>
Without this rule people would be able to access the .inc file directly
and since PHP won't parse it, the raw source code would be visible which
could be a security problem. If you prevent this simply by putting .php
onto the end of your include files, you could have a different security
problem in that files designed to be included could be run out of their
include context and could potentially do something unexpected.
-Rasmus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
