On Tue, 5 Aug 2003, Voytek Eymont wrote:
> looking at variety of php scripts/apps, these come with an 'includes' directory below
> the application directory
>
> (so, a browser could go there.)
>
> I always used to move the 'includes' dir to the
> outside-of-web-server-root php path (and, modify the scripts
> accordingly)
>
> BUT, now, as just about any php app has the 'include' below the
> application path:
>
> so, is there a need to have php's inc files outside the web server root?
>
> am I wasting my time moving the inc files and modifying scripts?
> or, is it still a good idea?

I prefer to keep related files together, but block direct access to the
scripts.

Several approaches come to mind:

1) change the suffixes of all includes (e.g. to .inc). Arrange for Apache
to deny access to any .inc files - and while you're at it, deny access to
any other extension not in your mime.types file. That helps with things
like .php~ files left around by emacs users.

2) deny access to any directory with a path containing '/inc/'. Maybe add
a few other names as well.

3) drop .htpasswd files into appropriate directories with directives to
block access.

Andrew
--
No added Sugar. Not tested on animals. May contain traces of Nuts. If
irritation occurs, discontinue use.
-------------------------------------------------------------------
Andrew McNaughton In Sydney
Working on a Product Recommender System
[EMAIL PROTECTED]
Mobile: +61 422 753 792 http://staff.scoop.co.nz/andrew/cv.doc
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
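
Approaches 1 and 2 from the reply above, written out as Apache 2.4 configuration. This is an added example, not part of the original message; the document root /var/www/app and the extra directory and backup-file names are assumptions, and Apache 2.2 and earlier use `Order allow,deny` with `Deny from all` where this uses `Require all denied`.

```apache
# Added example. /var/www/app is an assumed document root; adjust to yours.
#
# In a typical setup only .php is mapped to the PHP handler, so a direct
# request for db.inc or config.php~ is answered with the file's source text.
# These rules only affect HTTP requests: PHP's include/require read the files
# from disk and keep working.

<Directory "/var/www/app">
    # Approach 1: refuse any request for a file ending in .inc
    <FilesMatch "\.inc$">
        Require all denied
    </FilesMatch>

    # Same idea for editor backup and swap copies (config.php~, x.php.bak),
    # which are not run by PHP either. The suffix list is an assumption;
    # extend it to whatever your editors and tools leave behind.
    <FilesMatch "(~|\.bak|\.orig|\.swp)$">
        Require all denied
    </FilesMatch>
</Directory>

# Approach 2: refuse everything under any directory named inc, include or
# includes, at any depth below the document root. The (/|$) alternative
# matches the directory itself with or without a trailing slash as well as
# its subdirectories.
<DirectoryMatch "^/var/www/app/(.+/)?(inc|include|includes)(/|$)">
    Require all denied
</DirectoryMatch>
```

Check the syntax with `apachectl configtest` before reloading, then request one include file directly and confirm the server answers 403.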