> > I come for advice once again. Say I have a file dbconnect.inc which
> > connects to my database. Now if this file is located in a directory
> > accessible to the web, is there any way that if someone types in that
> > file I can detect it being accessed, instead of included, and redirect them
> > elsewhere?
> >
> > Thanks guys!
> >
> > - Noah
>
> The best compromise I have seen is to name your file -> somefile.inc.php

No, don't do that. Protect *.inc files from being accessed by adding a
rule like this to your httpd.conf:

    <Files ~ "\.inc$">
        Order allow,deny
        Deny from all
    </Files>

If you name include files with a .php extension and these files are
designed to be used as included files then loading them directly out of
context could be a security problem. You are much better off naming your
files some non-PHP extension and blocking all direct access to these
files, or better yet, put your include files somewhere outside your
document_root.

-Rasmus
--
PHP General Mailing List (http://www.php.net/)
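An audit sketch for the advice in the reply above, added here as an example and not part of the original thread: it walks a document root and lists include files that a direct request could still reach, given the deny rules found in an httpd.conf text. The function names, the sample layout and the simplified parser are assumptions (only `<Files ~ "...">` and `<FilesMatch "...">` sections are read, Python's `re` stands in for Apache's regex engine, and the Apache 2.4 `Require all denied` form is accepted alongside `Deny from all`).

```python
import os
import re
import tempfile

# Simplified parser: only <Files ~ "re"> / <FilesMatch "re"> sections are read.
SECTION = re.compile(
    r'<(?:Files\s+~|FilesMatch)\s+"([^"]+)"\s*>(.*?)</Files(?:Match)?>',
    re.IGNORECASE | re.DOTALL)
# Apache 2.2 "Deny from all" or Apache 2.4 "Require all denied".
DENY = re.compile(r'^\s*(?:Deny\s+from\s+all|Require\s+all\s+denied)\s*$',
                  re.IGNORECASE | re.MULTILINE)
INCLUDE_NAME = re.compile(r'\.inc(\.php)?$', re.IGNORECASE)
# Constructed sample: the rule from the reply above.
SAMPLE_CONF = r'''<Files ~ "\.inc$">
Order allow,deny
Deny from all
</Files>'''

def denied_patterns(conf_text):
    """Return compiled filename regexes from sections that deny all access."""
    return [re.compile(rx) for rx, body in SECTION.findall(conf_text)
            if DENY.search(body)]

def audit_docroot(docroot, conf_text):
    """List include files under docroot that no deny rule covers."""
    rules = denied_patterns(conf_text)
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not INCLUDE_NAME.search(name):
                continue
            if any(rx.search(name) for rx in rules):
                continue  # direct requests are refused by a deny rule
            rel = os.path.relpath(os.path.join(dirpath, name), docroot)
            risk = ("runs out of context" if name.lower().endswith(".php")
                    else "source disclosed")
            findings.append((rel.replace(os.sep, "/"), risk))
    return sorted(findings)

def demo(conf_text=SAMPLE_CONF):
    """Audit a constructed docroot (hypothetical file names) in a temp dir."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "lib"))
        for rel in ("index.php", "dbconnect.inc", "lib/helpers.inc.php"):
            open(os.path.join(root, rel), "w").close()
        return audit_docroot(root, conf_text)

if __name__ == "__main__":
    print(demo())
```

With the rule from the reply, `dbconnect.inc` is covered but a file named `helpers.inc.php` is still reported, since `\.inc$` does not match it; anything the audit lists is a candidate for moving outside the document root.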