> If I have a file called db.inc with, for example, this:
>
> However, any user on the system can read db.inc cause its
> chmod'd 0644.
> If I chmod db.inc 0600 or even 0640, index.php can not include it.
>
> How do I go about protecting my files from being read by
> users on the system?
Below is how Rasmus recommends this be handled.
Kirk
The right way to fix this is to add a rule to your Apache configuration
that looks like this:
<Files ~ "\.inc$">
Order allow,deny
Deny from all
</Files>
That will simply prevent any direct access at all to your .inc files.
Making the .inc files simply be parsed by PHP could still be a problem as
they could be called out of context.
-Rasmus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
