Kevin Murphy <php@xxxxxxxxxxxxxxxxxx> wrote: .inc files have a disadvantage in that if you view the file: http://www.yoursite.com/file.inc you can see the php code. I prefer not to use those just on the off chance that someone can see my code and use that as the basis for figuring out a way to exploit it (especially true of password files, etc). I have a directory at the same level as Doc Root called include and all my includes are in there. These contains login data, passwords etc. I feel safer keeping as much of my code as possible outside of Doc Root. Stephen
