On Friday, February 15, 2002, at 10:50 AM, Michael Kimsal wrote:
> That's great for you that you have that luxury, as do I, but not > everyone has access to their server's conf file. Whether or not you want to call administrating a web server a luxury is debatable -- I'm learning new things about it all the time. > 'Organizing' would be better served with the separate directory and/or > a prepend, because most directory structures are sorted by name by > default. On using a separate directory, that's agreed. As a matter of personal aesthetics, I don't care to clutter a single directory with many many files (as prefixing filenames could lead to). > The majority of people learning PHP do so by examining other code, and > a great many do so in shared hosting environments where they can't > control the server config files. It is an extreme misconception that this is a luxury that few have, in fact I would go so far as to say that "shared hosting" is a luxury more than anything else. If all you're doing is learning (and I assume that's what you're referring to in your post), then there's absolutely no reason to pay someone else to host your content. Linux and Apache are 100% free of charge. MySQL is also 100% free of charge, for those who wish to use it. I understand that a web hosting provider can provide more stability for public sites than a home connection, so for actually publising content it makes sense to go with a provider. But for development, you don't even need a phone line -- nothing could be easier than accessing a directory through 127.0.0.1, you don't even need to ftp/scp your files to a remote server. In fact, for development, you're better off if you -don't- put your server on the net, for security reasons. It allows you to experiment without fear that someone's going to try to root your box. A few months back I decided to learn how to administrate a web site, use a SQL database, and develop with a scripting language, to add to my limited knowledge of HTML. I'm doing it with an old Pentium II with only 256 MB of RAM. There's no reason a 386 or 68k (pre-PowerPC) couldn't do the same thing. Linux, Apache, MySQL, PHP -- none of them cost me anything more than the time it takes to learn them, which pays itself back in dividends. I still don't know everything, and I'm sure that a competent cracker -could- root my box. But I'm learning all the time, and mentioning things like Apache directives (which are discussed all the time on this list) doesn't hurt anyone. > Furthermore, because they are new they don't understand the security > implications of .inc or other extensions, and > blindly copy code and run it without knowing they are exposed > security-wise. That's my primary beef with .inc and other non- ".php" > extensions. Maybe I don't understand the security implications of .inc -- I thought that it was perfectly safe. Since my php.ini is not configured to parse files with '.inc' extensions, I thought that I was better off using a separate extension than '.php': so that the code cannot be "executed out of context". I got this idea from a post by Rasmus Lerdorf on this very list, only a month ago. Erik ---- Erik Price Web Developer Temp Media Lab, H.H. Brown [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php