Hi!
As I wrote before, I don't have .htaccess nor access to the apache-conf!!!
michi
> How bout an Apache redirect for .inc files to go to denied.htm or
> something? PHP scripts could get to them, but they wouldn't be accessible
> via http.
>
>
>
> At 08:01 PM 3/3/01 +0100, [EMAIL PROTECTED] wrote:
> >Hi!
> >
> >as I wrote in my mail:
> >1.
> >I won't name them ".inc" but ".inc.php" (so *I* know, it's an include
> file)
> >2.
> >I don't even want them to be executable!!!
> >
> >and therefore my question was, if this (on top of every include-file)
> would
> >be safe enough:
> >>> if (substr($SCRIPT_URL,-8)==".inc.php") exit;
> >$PHP_SELF better than $SCRIPT_URL in line above???
> >
> >thanks
> >michi
> >
> >> Include files do not have to end with '.inc', which is purely a
> convention
> >> of dubious value. If you use '.php' as the extension for included
> files,
> >> they will have to be parsed by PHP and can't be read as plain text from
> >> outside.
> >>
> >> > Hi!
> >> >
> >> > I want my include-files not be seen from outside AND not be
> executed!!!
> >> > I don't have access to a directory outside DOCUMENT_ROOT and I don't
> >> have
> >> > .htaccess!!!
> >> >
> >> > I think about something like:
> >> > 1.
> >> > name: <file>.inc.php
> >> > 2.
> >> > add code:
> >> > if ($PHP_SELF==MY_NAME) exit;
> >> > as first line in the inluded script.
> >> > so, if the script is being included from another script, the code
> will
> >> be
> >> > executed - but if the file will be called directly, no code is
> executed!
> >> > BUT - how do I get the include-file's name?
> >> >
> >> > or is it safe enough, to use something like
> >> > if (substr($SCRIPT_URL,-8)==".inc.php") exit;
--
Sent through GMX FreeMail - http://www.gmx.net
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
