<quote who="Andrew McNaughton"> > Several approaches come to mind: > > 1) change the suffixes of all includes (eg to .inc). Arrange for apache > to deny access to any .inc files - and while you're at it, deny access to > any other extension not in your mime.types file. That helps with things > like .php~ files left around by emacs users. > > 2) deny access to any directory with a path containing '/inc/'. Maybe add > a few other names as well. > > 3) drop .htpasswd files into appropriate directories with directives to > block access.
4) Create a user-specific and possibly host-specific filesystem location for includes, and add that dir to the php_includes variable in .htaccess or virtualhost directives. This is easy to administer, applicable across the entire hosting environment, and very easy to ensure compatibility with stuff you download (rather than author yourself). ;-) - Jeff -- linux.conf.au 2004: Adelaide, Australia http://lca2004.linux.org.au/ "It's a pan-dimensional cake, and there are many ways to slice it." - Bruce Badger -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
