On Friday, February 15, 2002, at 10:50  AM, Michael Kimsal wrote:

> That's great for you that you have that luxury, as do I, but not 
> everyone has access to their server's conf file.

Whether or not you want to call administrating a web server a luxury is 
debatable -- I'm learning new things about it all the time.

> 'Organizing' would be better served with the separate directory and/or
> a prepend, because most directory structures are sorted by name by 
> default.

On using a separate directory, that's agreed.  As a matter of personal 
aesthetics, I don't care to clutter a single directory with many many 
files (as prefixing filenames could lead to).

> The majority of people learning PHP do so by examining other code, and 
> a great many do so in shared hosting environments where they can't 
> control the server config files.

It is an extreme misconception that this is a luxury that few have, in 
fact I would go so far as to say that "shared hosting" is a luxury more 
than anything else.  If all you're doing is learning (and I assume 
that's what you're  referring to in your post), then there's absolutely 
no reason to pay someone else to host your content.

Linux and Apache are 100% free of charge.  MySQL is also 100% free of 
charge, for those who wish to use it.  I understand that a web hosting 
provider can provide more stability for public sites than a home 
connection, so for actually publising content it makes sense to go with 
a provider.  But for development, you don't even need a phone line -- 
nothing could be easier than accessing a directory through, 
you don't even need to ftp/scp your files to a remote server.

In fact, for development, you're better off if you -don't- put your 
server on the net, for security reasons.  It allows you to experiment 
without fear that someone's going to try to root your box.

A few months back I decided to learn how to administrate a web site, use 
a SQL database, and develop with a scripting language, to add to my 
limited knowledge of HTML.  I'm doing it with an old Pentium II with 
only 256 MB of RAM.  There's no reason a 386 or 68k (pre-PowerPC) 
couldn't do the same thing.  Linux, Apache, MySQL, PHP -- none of them 
cost me anything more than the time it takes to learn them, which pays 
itself back in dividends.  I still don't know everything, and I'm sure 
that a competent cracker -could- root my box.  But I'm learning all the 
time, and mentioning things like Apache directives (which are discussed 
all the time on this list) doesn't hurt anyone.

> Furthermore, because they are new they don't understand the security 
> implications of .inc or other extensions, and
> blindly copy code and run it without knowing they are exposed 
> security-wise.  That's my primary beef with .inc and other non- ".php"
> extensions.

Maybe I don't understand the security implications of .inc -- I thought 
that it was perfectly safe.  Since my php.ini is not configured to parse 
files with '.inc' extensions, I thought that I was better off using a 
separate extension than '.php': so that the code cannot be "executed out 
of context".  I got this idea from a post by Rasmus Lerdorf on this very 
list, only a month ago.



Erik Price
Web Developer Temp
Media Lab, H.H. Brown

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to