This is true and I do this in .htaccess or in the main Apache config file
when possible. However, for those who do not have control over the main
config file, you are at the mercy of the system operator. They could turn
off looking at your .htaccess files and not have the "<Files>" directive to
hide the .inc files and then your code you thought private is not private at
all.
The moral of this is to always assume the worst and put those .inc files
anywhere, but the web tree. However, do this only if you care about
protecting the contents.
Caveat Emptor
> -----Original Message-----
> From: Kurth Bemis [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 23, 2001 1:24 PM
> To: Toby Miller; Jordan Elver
> Cc: PHP General Mailing List
> Subject: Re: [PHP] Site Structure
>
>
> At 01:12 PM 4/23/2001, Toby Miller wrote:
>
> personally i deny all access to my .inc files. with this Apache config...
>
> works really good :-)
>
> in httpd.conf
>
> # The following prevents .inc file from being read by web clients
>
> <Files ~ ".inc">
> Order allow,deny
> Deny from all
> </Files>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
