On Mon, Mar 29, 2010 at 11:09 AM, Erlend Sogge Heggen <[email protected]> wrote: > Is there really no way around it? I'm all for security, but I just > love seeing the cleanest possible URLs :) Would the security actually > lessen if I use something like mod_rewrite to remove the .txt?
Erlend, just a quick note that if we make this change it will be completely invisible to the user in everyway. Everything will look exactly the same through the browser--only the actual file names on the server will be changed. The main advantages are 1) You can easily open and edit the pages if they have a .txt ending. Or on my code editor, I can do instant search and/or replace on my whole pages folder, easily. Nice. 2) If someone were to create a page with malicious code content, and if they were able to somehow by pass your .htaccess protections, the .txt ending might prevent that code from being executed. We are safe with our current setup, but this would just add an extra (invisible) layer of protection. But again, if we make the change, nothing would look any different anywhere in your site--nor would it function any differently--it would just look different if you opened a code editor and browsed the server... Cheers, Dan -- You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/boltwire?hl=en.
