On Fri, May 26, 2006 9:46 am, Mark Kelly wrote: > On Friday 26 May 2006 14:56, Matt Carlson wrote: >> One note on include files. Usually it's "best practice" to not name >> them >> .inc >> >> Name them .inc.php so that they cannot be opened by a webbrowser, >> thus >> giving more information to a potential attacker. > > Is this still a concern when all include files are stored outside the > webroot (and thus in theory not directly accessible) anyway? If they are outside the web-tree, the concerns about .inc that are addressed by .inc.php do, in fact, become moot. You could name them .beezelbub at that point... :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
