[thelist] Securing PHP include files
rick
rick at techno-weenie.com
Wed Aug 29 22:42:29 CDT 2001
Simple: don't use .inc files. Either rename them something like
include.inc.php or set your web server to parse .inc files as PHP. I even
put a simple line that kills the script if someone accesses the include
script directly.
rick
----- Original Message -----
From: "Todd Tyler" <todd_tyler at yahoo.com>
To: <thelist at lists.evolt.org>
Sent: Wednesday, August 29, 2001 8:35 PM
Subject: [thelist] Securing PHP include files
> Being sort of new to PHP, I have a question about include files.
>
> I've read that to secure my include files (which contain database
> connection functions among other things), I need to place them outside
> of my document root directory. The problem is, I have a site where I
> don't have access to another directory outside of my document root. In
> that case, if I have to place the include files in the document root (or
> a subdirectory of the document root) what's the best way to keep my
> include files from being seen by anyone hitting the site?
>
> Thanks for any ideas.
>
> Todd
>
>
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
>
> ---------------------------------------
> For unsubscribe and other options, including
> the Tip Harvester and archive of TheList go to:
> http://lists.evolt.org Workers of the Web, evolt !
>
More information about the thelist
mailing list