On Wednesday, January 16, 2002, at 08:04 PM, Rasmus Lerdorf wrote:
> No, it is safer to block access to .inc files with an httpd.conf rule. > Allowing people to execute files that were meant to be included out of > context could end up being much more dangerous than simply having people > see the source. > > -Rasmus > So the technique of adding ".inc" to the list of extensions in "AddType application/x-httpd-php" line and just having PHP parse them as PHP code is unwise? Or should a combination of the two be used -- parsing ".inc" files *AND* blocking access to them in httpd.conf? Erik -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
