On 10/12/05, Gunther Herzog <[EMAIL PROTECTED]> wrote:
>
> Hi Kishore,
>
> Just a couple of ideas:
>
> 1) Avoid using the HTTP protocol for your includes (slower, more
> overhead). Use
> the server machine's native file system. The actual path to the file will
> vary
> based on the OS (Linux vs Windows) and how the user areas have been
> configured,
> but would typically be something like this...
>
> /home/your_account_name/public_html/connect.php
>
> NOTE: One potential security issue with the above--if at all possible,
> keep the
> connection data OUTSIDE the document root of the web server. In this
> example,
> if something were to go wrong with the server and it decided not to
> process the
> PHP file but rather serve it (as an unrecognized type), then a web visitor
> could potentially see the source code containing your password info.
>
> Alternately, put all included files in their own folder, and use an
> .htaccess
> directive to deny permissions to the specific folder where the protected
> files
> reside (though this is not 100% secure if for some reason the server
> decides
> not to read the .htaccess file).
I will try this .htaccess :)
For any included files that reside under the document root, I use the
> following
> to specify the path to the files:
>
> include($_SERVER['DOCUMENT_ROOT'] . '/includes/db_connect.php');
>
> The advantage to this--moving to a different server becomes much less of a
> headache. Or even better:
>
> define('INCLUDES',$_SERVER['DOCUMENT_ROOT'] . '/includes');
> include(INCLUDES . '/db_connect.php');
>
Now if you've got includes in mutlple places and you want to change where
> they
> reside, you can do so from one place.
>
> And of course, it always helps to make sure you have read permissions for
> the
> file set correctly.
Thanx gunther.. I do have multiple include statements in my scripts.. I will
use your method.. thanx...
--
KISHORE
[Non-text portions of this message have been removed]
------------------------ Yahoo! Groups Sponsor --------------------~-->
Get Bzzzy! (real tools to help you find a job). Welcome to the Sweet Life.
http://us.click.yahoo.com/A77XvD/vlQLAA/TtwFAA/HKFolB/TM
--------------------------------------------------------------------~->
Community email addresses:
Post message: [email protected]
Subscribe: [EMAIL PROTECTED]
Unsubscribe: [EMAIL PROTECTED]
List owner: [EMAIL PROTECTED]
Shortcut URL to this page:
http://groups.yahoo.com/group/php-list
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/php-list/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
