On Monday 30 July 2001 20:14, [EMAIL PROTECTED] wrote:
> It's also possible (if you're allowed to change the httpd.conf file) to put
> in a <filesmatch> directive, something like
> <FilesMatch "\.(htaccess|inc|log)$">
> Order deny,allow
> Deny from all
> </FilesMatch>

This is also by far the safest technique (other than moving the included 
files outside your webroot), as it means there is no chance of an included 
file being parsed without it's normal surrounding code which may provide a 
security hole in your system.

Do it this way!!!!
Phil Driscoll

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to