On Friday, April 19, 2002, at 07:22 AM, .ben wrote:
> i'm not sure if the same rules apply to PHP but with ASP I make all my
> includes contain only functions and constants, no free mark-up, and then
> save them as .inc.asp so if requested directly they return an empty
> script.
Until the ASP processor craps out. Or if you had any scripts in such
format they would be executed -- which might not be desirable.
Much better to keep includefiles outside of document root or set a
directive with your web server to deny requests for those files
somehow. In Apache it's as easy as
<Files ~ "\.inc$">
Order allow,deny
Deny from all
</Files>
Not sure about IIS though.
Erik
----
Erik Price
Web Developer Temp
Media Lab, H.H. Brown
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
