The right way to fix this is to add a rule to your Apache configuration
that looks like this:

<Files ~ "\.inc$">
    Order allow,deny
    Deny from all
</Files>

That will simply prevent any direct access at all to your .inc files.
Making the .inc files simply be parsed by PHP could still be a problem as
they could be called out of context.

-Rasmus


On Wed, 4 Jul 2001, Adrian Ciutureanu wrote:

> Here is something that happened to me: I forgot to tell Apache that .inc
> files must be parsed by PHP. All works fine if you include a .inc file,
> but if somebody guesses the .inc file name, he can see the content of that
> file!
>
> > -----Original Message-----
> > From: David A Dickson [mailto:[EMAIL PROTECTED]]
> > Sent: 4 July 2001 16:43
> > To: php-general
> > Subject: [PHP] Security of PHP code
> >
> >
> > Is it possible for others to view the php code for pages I
> > have written? I thought I heard someone say before that they
> > could write a simple script to accomplish this. If anyone
> > knows of any tactics people might use to attack my code
> > please post them here.
> >
> > : David A. Dickson
> > : [EMAIL PROTECTED]
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail:
> > [EMAIL PROTECTED]
> >
> >
>
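
An offline check for the situation discussed in this thread, added here as an example (it is not code from the original messages): it lists files under a document root that contain PHP code but would be sent as plain text, first with no rule and then with the Files rule from the reply above. The function names, the sample tree and the db.inc.old backup file are constructed for illustration; the check also recognises FilesMatch blocks and the Apache 2.4 "Require all denied" form.

```python
import os, re, tempfile

# The rule from the reply above, verbatim.
RULE = r'''<Files ~ "\.inc$">
    Order allow,deny
    Deny from all
</Files>'''

PHP_TAG = re.compile(rb"<\?(php|=)", re.I)
BLOCK = re.compile(r'<(?:Files\s+~|FilesMatch)\s+"([^"]+)"\s*>(.*?)</Files(?:Match)?>', re.S | re.I)
DENY = re.compile(r"^\s*(?:Deny\s+from\s+all|Require\s+all\s+denied)\s*$", re.I | re.M)

def deny_patterns(conf):
    """Regexes of deny-all blocks (assumption: patterns that Python's re reads like Apache's PCRE)."""
    return [re.compile(m.group(1)) for m in BLOCK.finditer(conf) if DENY.search(m.group(2))]

def exposed_sources(docroot, conf, php_exts=(".php",)):
    """Files under docroot that hold PHP code, are not handed to PHP, and are not denied."""
    denied, hits = deny_patterns(conf), []
    for dirpath, _dirs, names in os.walk(docroot):
        for name in names:
            if name.lower().endswith(php_exts):
                continue  # parsed by PHP, so the source is not sent to the client
            if any(p.search(name) for p in denied):
                continue  # <Files> matches the file name, not the full path
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if PHP_TAG.search(fh.read(65536)):
                    hits.append(os.path.relpath(path, docroot).replace(os.sep, "/"))
    return sorted(hits)

def demo():
    """Build a constructed document root and audit it without and with RULE."""
    files = {  # constructed sample content
        "index.php": b"<?php include 'lib/db.inc'; ?>",
        "lib/db.inc": b"<?php $dsn = 'constructed-sample'; ?>",
        "lib/db.inc.old": b"<?php $dsn = 'constructed-sample'; ?>",
        "style.css": b"body { margin: 0 }",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return exposed_sources(root, ""), exposed_sources(root, RULE)

if __name__ == "__main__":
    print(demo())
```

With the rule in place the audit still reports lib/db.inc.old, because \.inc$ is anchored to the end of the file name and a renamed copy no longer matches it.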

