On 5/25/07, tedd <tedd@xxxxxxxxxxxx> wrote:
At 1:55 PM -0700 5/23/07, Kevin Murphy wrote:
>.inc files have a disadvantage in that if you view the file:
>
>http://www.yoursite.com/file.inc
>
>you can see the php code. I prefer not to use those just on the off
>chance that someone can see my code and use that as the basis for
>figuring out a way to exploit it (especially true of password files,
>etc).
>
>--
>Kevin Murphy

And the other side of that coin is if you have your files ending with
.php, then they can be called/run directly and do things you may not
want done. That's a good reason to use some sort of token protection
in your include php files so that they cannot be run directly.

Cheers,

tedd

It's just the way you write script, my included files contain only functions & variables, no executing code. 99% I have a class around it. If you write it like that, then there's no problem with executing the included file directly, as it loads the class but doesn't do anything with it :)

Tijnema
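
The token protection tedd mentions, sketched as an added example that is not code from anyone in this thread: a front script defines a constant, and the include refuses to run unless that constant exists. The constant name `APP_ENTRY`, the function `greet()` and the file names are hypothetical, and the script assumes a PHP CLI with `shell_exec` enabled so it can run the include both ways.

```php
<?php
// Added example. APP_ENTRY, greet() and the file names are hypothetical.
declare(strict_types=1);

// Include file with a top-level side effect, so direct execution matters.
// Naming it *.inc.php means the server executes it instead of serving source.
$guardedInclude = <<<'PHP'
<?php
if (!defined('APP_ENTRY')) {      // token that only the front script defines
    http_response_code(403);      // no effect under CLI, 403 under a web SAPI
    exit("direct access refused\n");
}
function greet(string $name): string
{
    return "hello, $name";
}
echo "include initialised\n";     // the side effect the guard protects
PHP;

// Front script: defines the token first, then loads the include.
$frontScript = <<<'PHP'
<?php
define('APP_ENTRY', true);
require __DIR__ . '/lib.inc.php';
echo greet('visitor'), "\n";
PHP;

// Write both files to a private temporary directory.
$dir = sys_get_temp_dir() . '/inc_guard_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents("$dir/lib.inc.php", $guardedInclude);
file_put_contents("$dir/index.php", $frontScript);

// Run a file in its own PHP process, the way a request naming it would.
function runPhp(string $file): string
{
    $cmd = escapeshellarg(PHP_BINARY) . ' ' . escapeshellarg($file);
    return (string) shell_exec($cmd);
}

echo "direct request:    ", runPhp("$dir/lib.inc.php");
echo "via front script:  ", runPhp("$dir/index.php");

// Clean up the temporary files.
array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

An include that only declares functions or a class, as Tijnema describes, has nothing for the guard to stop; the guard matters once an include has top-level statements like the `echo` above.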