On Wednesday, January 16, 2002, at 08:04  PM, Rasmus Lerdorf wrote:

> No, it is safer to block access to .inc files with an httpd.conf rule.
> Allowing people to execute files that were meant to be included out of
> context could end up being much more dangerous than simply having people
> see the source.
> -Rasmus

So the technique of adding ".inc" to the list of extensions in "AddType 
application/x-httpd-php" line and just having PHP parse them as PHP code 
is unwise?  Or should a combination of the two be used -- parsing ".inc" 
files *AND* blocking access to them in httpd.conf?


PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to