Which is why anyone with a clue makes any special extensions they use
protected by the web server. Which is why I protect .inc, .cfg, .class,
etc. It's also a good idea not to store config-type files in the web tree.
Rick Hodger wrote:
> "Jeff Oien" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
>> Would people like to list bad practices and also point us
>> newbies to any articles online dealing with syntax, correct
>> use of single and double quotes etc.?
>
>
> People who create scripts that include a need for access to a SQL database,
> meaning you need to give it a username and password then making the damn
> configuration file be called something stupid like config.inc.
>
> When you are scripting, using anything with a .inc extension is just asking
> for trouble. If someone requests that file, it'll get passed straight to
> them. It's a .inc, which means that PHP does not know to parse it. Which
> means, that person can see your usernames and passwords. And because it's a
> public package, they're far more likely to know the path to said file.
>
> --
> Rick Hodger
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
