> >     I come for advice once again. Say i have a file dbconnect.inc which
> > connects to my database. Now if this file is located in a directory
> > accessible for to the web is there anyway that if someone types in that
> > file i can detect it being accessed, instead of included, and redirect them
> > elsewhere?
> >
> > Thanks guys!
> >
> > - Noah
> The best compromise I have seen is to name your file -> somefile.inc.php

No, don't do that.  Protect *.inc files from being accessed by adding a
rule like this to your httpd.conf:

  <Files ~ "\.inc$">
      Order allow,deny
      Deny from all

If you name include files with a .php extension and these files are
designed to be used as included files then loading them directly out of
context could be a security problem.  You are much better off naming your
files some non-PHP extension and blocking all direct access to these
files, or better yet, put your include files somewhere outside your


PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to