RE: Include file questions

> -----Original Message-----
> From: Tijnema [mailto:tijnema@xxxxxxxxx]
> Sent: 25 May 2007 15:00
> To: tedd
> Cc: Kevin Murphy; Stephen; php
> Subject: Re:  Include file questions
>
>
> On 5/25/07, tedd <tedd@xxxxxxxxxxxx> wrote:
> > At 1:55 PM -0700 5/23/07, Kevin Murphy wrote:
> > >.inc files have a disadvantage in that if you view the file:
> > >
> > >http://www.yoursite.com/file.inc
> > >
> > >you can see the php code. I prefer not to use those just on the off
> > >chance that someone can see my code and use that as the basis for
> > >figuring out a way to exploit it (especially true of password files,
> > >etc).
> > >
> > >--
> > >Kevin Murphy
> >
> > And the other side of that coin is if you have your files ending with
> > .php, then they can be called/run directly and do things you may not
> > want done.
> >
> > That's a good reason to use some sort of token protection in your
> > include php files so that they cannot be run directly.
> >
> > Cheers,
> >
> > tedd
>
> It's just the way you write script, my included files contain only
> functions & variables, no executing code. 99% I have a class around
> it.
> If you write it like that, then there's no problem with executing the
> included file directly, as it loads the class but doesn't do anything
> with it :)
>
> Tijnema
>

Why are your include files in your web root in the first place? Move them
elsewhere on your filesystem and then it's not even possible to access them
via the web.

Edward

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
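
An added example, not part of the original thread: a small audit that walks a web root and reports the two exposures discussed above, PHP source in files the server would return as plain text (such as `.inc`) and PHP include files that run when requested directly. The `APP_ENTRY` guard constant, the handler mapping, the rule that top-level scripts are entry points, and the sample tree are all assumptions made for illustration.

```python
import os
import tempfile

# Assumption: only these extensions are handed to the PHP interpreter.
PHP_HANDLED = {".php"}
# Hypothetical guard: the entry script defines this constant before including.
GUARD_TOKEN = "defined('APP_ENTRY')"

def audit_docroot(docroot):
    """Return sorted (relative_path, finding) pairs for PHP source under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "r", errors="replace") as fh:
                text = fh.read()
            if "<?php" not in text:
                continue  # not PHP source
            rel = os.path.relpath(path, docroot).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext not in PHP_HANDLED:
                # Served as plain text: the source is readable over HTTP.
                findings.append((rel, "source-exposed"))
            elif GUARD_TOKEN not in text and "/" in rel:
                # Handled by PHP, below the top level, no guard: runs on request.
                findings.append((rel, "directly-runnable"))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample site: a docroot with includes inside it, and one outside."""
    files = {
        "public/index.php": "<?php define('APP_ENTRY', 1); require 'inc/db.inc';",
        "public/inc/db.inc": "<?php $db_password = 'constructed-example';",
        "public/inc/mailer.php": "<?php mail($to, $subject, $body);",
        "public/inc/guarded.php": "<?php if (!defined('APP_ENTRY')) { exit; }",
        "includes/config.php": "<?php $db_password = 'constructed-example';",
    }
    for rel, body in files.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return os.path.join(base, "public")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, finding in audit_docroot(build_sample_tree(tmp)):
            print(f"{finding:18} {rel}")
```

The file under `includes/`, outside the web root, never appears in the report because no URL maps to it.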

