I think it is not parsed on the remote server, but is on the local server,
but they can't get the source from include().
That said, either way, if they can include() it, then can fopen/fread it, so
it really doesn't mattter....
--
WARNING [EMAIL PROTECTED] address is an endangered species -- Use
[EMAIL PROTECTED]
Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm
----- Original Message -----
From: Sed <[EMAIL PROTECTED]>
Newsgroups: php.general
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 1:16 PM
Subject: Security with include() function
> Hi,
>
> I was wandering if someone includes php-file with passwords, private
> paths etc. on a different server like this:
>
> include ("http://someserver/file.php";);
>
> Will this same person be able to echo all the variables in that file.php
> script? Or is it in each and every time processed via php.exe before
> delivered?
>
> Thanks!
> SED
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
