I have about 20 virtual hosts on my server and all of them have shtml and
some php files that look to a directory /includes/ which is aliased (in the
srm.conf file) over to a main includes directory under the root dir.
Alias /includes/ /usr/local/etc/httpd/htdocs/includes/
If I change this alias to a directory above the root dir, I can still view
all of my .inc files in a browser even if I rename them to .inc.php
These .inc files are just plain text that get included into all .shtml files
on the virtual hosts.
I tried to do the deny *.inc but doing so just made it so the browser can't
even include them. So that won't do the trick.
Is there any way that I can make these .inc files not readable by viewing
them directly in the browser and still be able to include them into
documents? Same goes for the php config stuff. If I put a config.php script
above the root, how can I get the php script to read it -- is it the same
'ol /usr/etc/httpd/ sort of thing like cgi?
My main concern is to get this stuff more secure while still allowing all of
the virtual hosts to use the files. The contents of the files isn't exactly
top secret, its just a matter of a piece of mind.
Any ideas to sort this out are greatly appreciated! Thanks.
__________________
Jason Dulberg
Extreme MTB
http://extreme.nas.net
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
