On Thursday, January 31, 2002, at 11:50 PM, qartis wrote:
> I wanted to hide the existance of my include files by making them
> 'invisible': give a 404 error when requested. This worked, but the files
> that were including were obviously 404ing too. So I decided to use
> $PHP_SELF
> and check whether the script's PHP_SELF was it's filename, which would
> mean
> that it was being accessed directly, as opposed to being included.
Just don't name any of your real files "include"! If you have access to
your web server, you can easily set a directive in httpd.conf (assuming
you're using Apache) to deny any file serve request with the following
line:
<Files ~ "\.inc$">
Order allow,deny
Deny from all
</Files>
Erik
----
Erik Price
Web Developer Temp
Media Lab, H.H. Brown
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
