On Thu, 17 Jan 2002, [EMAIL PROTECTED] wrote: > I've seen a number of sites for example that didn't have the .inc extension >registered, > include() doesn't care about that, but if your includes are under the document root >of your > website (that happens a lot too, i don't know why ?) and you specify the exact name >of > the include in your browser (or worse, the directory is browsable from the web), the >webserver > will default to text/plain content and display the source. Bad thing since includes >usually contain > passwords and stuff.
It also doesn't make a difference to PHP if your include files are in the web server's document root, or not. If you have important information in your include files, you'll be better off placing them in a directory which is not in your web server's document root. The web server will still need to access them, so you'll probably have to leave the permissions on the directory/files such that any users on the local system can read them (just like docs in the web root ... this is not a change), but at least the whole world isn't one HTTP request away from obtaining your important information. If you are the server's admin, or know the person well, you can tighten the file permissions down more with a little administrative work ... adding a new group of which your user and the web server are a member, and only permitting access to your files to that group and yourself. ~Chris /"\ \ / September 11, 2001 X We Are All New Yorkers / \ rm -rf /bin/laden -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]