> > (1) avoid using .inc files; use .php files like for normal script
> No, it is safer to block access to .inc files with an httpd.conf rule.

The way I approach this, besides blocking execution, is to put any
sensitive files in a directory above the Document Root for the virtual
domain.  PHP can then reach it, but Apache won't.

/var/www/domain.name/htdocs    <-- php scripts go here
/var/www/domain.name/private   <-- inc files go here


PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to