Thanks guys. That's really helpful.

Chuck Payne

On 9/21/02 10:16 PM, "Chris Shiflett" <[EMAIL PROTECTED]> wrote:

> This explanation from Justin is worth saving.
>
> I also like to call all of my included modules *.inc, and I prefer to
> store them outside of document root.
>
> However, if you want to keep all of your files together, the .htaccess
> file shown below is the best way to restrict direct access to modules.
> Some people make the mistake of simply making *.inc files considered PHP
> by Apache (claiming it is better to execute them than to have their
> source code displayed), but this gives attackers the opportunity to
> execute your modules out of context - a very dangerous approach.
>
> One extra note worth adding is that you should add this configuration to
> your httpd.conf if you are the Web server administrator. This will keep
> you from having to remember the .htaccess file everywhere. Justin's
> method is best for when you do not have this option.
>
> Chris
>
> Justin French wrote:
>
>> I name all my included files *.inc... I place them all in a folder
>> /inc/ and place a .htaccess file in that directory to restrict the files
>> being served over HTTP:
>>
>> <Files ~ "\.inc$">
>> Order Allow,Deny
>> Deny from all
>> </Files>
>>
>> Another option would be to place them in a folder ABOVE your web root, so
>> that Apache can't serve them -- if you have that option.
>>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
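
The server-wide variant described in the quoted reply, as an added example that is not part of the original thread: the rule placed in httpd.conf, next to the handler mapping the reply warns against. The module checks and the `Require all denied` form are assumptions for Apache 2.4, where `Order`/`Deny` only work when mod_access_compat is loaded.

```apache
# Added example, not from the thread.

# Approach the reply warns against (left commented out): mapping .inc to the
# PHP handler hides the source, but every module becomes directly requestable
# and runs outside the context of the page that normally includes it.
# AddType application/x-httpd-php .inc

# Server-wide rule in httpd.conf (main server context), so no per-directory
# .htaccess file has to be remembered. Applies to any file ending in .inc.
<FilesMatch "\.inc$">
    # Apache 2.4 and later: authorization is handled by mod_authz_core.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2 and earlier: same directives as the .htaccess in the thread.
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>
```

After a configuration reload, a direct request for any *.inc file (for instance a constructed path such as /inc/db.inc) should return 403 Forbidden, while PHP's own include of the same file from disk is unaffected.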