At 1:55 PM -0700 5/23/07, Kevin Murphy wrote:
.inc files have a disadvantage in that if you view the file:
http://www.yoursite.com/file.inc
you can see the php code. I prefer not to use those just on the off
chance that someone can see my code and use that as the basis for
figuring out a way to exploit it (especially true of password files,
etc).
--
Kevin Murphy
And the other side of that coin is if you have your files ending with
.php, then they can be called/run directly and do things you may not
want done.
That's a good reason to use some sort of token protection in your
include php files so that they cannot be run directly.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
