On Mon, 2010-08-16 at 09:27 +0530, kranthi wrote: > i would configure apache to let php interpreter handle all kinds of > extensions ( http://httpd.apache.org/docs/2.0/mod/mod_mime.html#addhandler > ) > > even then u'll have go through all the steps pointed out by Ash. > the only advantage of this method is more user friendly URL > That would be very slow and prone to failure. What happens when Apache comes across a binary file that contains <?php inside? It seems unlikely, but I've found the more unlikely something should be, the more often it occurs at just the wrong moment! For example, a document that talks about PHP, or an image that randomly contains those characters as part of the bitmap data? Also, the idea of tying an ID into the DB does still allow you to use friendly URLs, but is the ability to guess filenames really something you want in a security system? It would be more prone to brute force attacking I think. Thanks, Ash http://www.ashleysheridan.co.uk
