William Lovaton wrote:
>
> If you use just and .inc file any user with a browser can hit in the
> URL: http://www.site.com/connect.inc and see what is inside.
...unless you keep your include directory outside the web tree (which
is what I always do). That way the files can only be accessed by
an
No, that is not a good idea. It is potentially much worse to allow people
to execute include files out of context than to merely let them see them.
The correct way to handle this is to either put your include files outside
the document_root, or add an Apache rule to block any direct access to
.in
If you use just and .inc file any user with a browser can hit in the
URL: http://www.site.com/connect.inc and see what is inside.
So, de recomendation is:
Use a .php extension: connect.inc.php
William
El jue, 28-02-2002 a las 14:16, Sam Masiello escribió:
>
> What you could do is have a sc
t: Thursday, February 28, 2002 4:59 AM
Subject: [PHP] PHP and passwords
> Is there a way to connect to your database using php without hard coding
> a password into the php file? We run PostgreSQL 7.1 on a Linux 7.2
> server with the latest version of apache. I don't want to chan
Is there a way to connect to your database using php without hard coding
a password into the php file? We run PostgreSQL 7.1 on a Linux 7.2
server with the latest version of apache. I don't want to change the
authentication within Postgres to not require a password. But I also,
for security rea
5 matches
Mail list logo