From: "MOD" <[EMAIL PROTECTED]>
> PHP-Survey is an online survey creation and management system written in
> PHP. It uses a MySQL database on backend for all data handling.
> Global.inc holds the database information, and settings for the survey's
> interface. Global.inc on default settings is not interpreted by PHP hence
> any user can make an HTTP request for global.inc and will be able to view
> the source code, hence the database password, username, localhost is
> revealed, and also superuser information for the administration of the
poll
> survey. A solution might be to rename global.inc to global.inc.php.
A better advice would probably be to make .inc files inaccessible for
webbrowsers. This is generally a good idea, as to the best of my knowledge
no web app ever sends .inc files for anything.
On Apache, this could be done with something like this:
<Files *.inc>
Order allow,deny
Deny from all
</Files>
Jens Knoell
