3) Block downloads on .inc files, like using a <Files> directive in 
httpd.conf or a .htaccess file in apache. (Or whatever on another web 
server.) Now, even if a user tries to view that file, it won't execute at 
all, thus perhaps saving you some memory and clock cycles. (And it's 
generally more secure than treating them as php files since the includes 
might do something to, say, a database that you don't want them to do 
unless they're included into a valid php file request.)


Jason Wong wrote:

> There are two ways to counter this:
> 1) have the .inc files in a directory outside the scope of the webserver
> directory.
> 2) set the webserver to treat .inc files as php files.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to