>
>
> <Files ~ "\.inc$">
> Order allow,deny
> Deny from all
> </Files>
>
> Without this rule people would be able to access the .inc file directly
> and since PHP won't parse it, the raw source code would be visible which
> could be a security problem. If you prevent this simply by putting .php
> onto the end of your include files, you could have a different security
> problem in that files designed to be included could be run out of their
> include context and could potentially do something unexpected.
I do not agree.
First, this works the same way:
<Files ~ "\.inc\..*$">
Order allow,deny
Deny from all
</Files>
Second, which way are you differ PHP .inc files from HTML .inc files?
Many programs can't too... IMHO it is very inconvenient.
Third, I always write context-independent include files.
Objections?
Thank you.
Best regards,
Denis Gerasimov,
Chief Developer, VEKOS Ltd.
www.vekos.ru
>
> -Rasmus
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
