William Lovaton wrote:
>
> If you use just and .inc file any user with a browser can hit in the
> URL: http://www.site.com/connect.inc and see what is inside.
...unless you keep your include directory outside the web tree (which
is what I always do). That way the files can only be accessed by
an
No, that is not a good idea. It is potentially much worse to allow people
to execute include files out of context than to merely let them see them.
The correct way to handle this is to either put your include files outside
the document_root, or add an Apache rule to block any direct access to
.in
If you use just and .inc file any user with a browser can hit in the
URL: http://www.site.com/connect.inc and see what is inside.
So, de recomendation is:
Use a .php extension: connect.inc.php
William
El jue, 28-02-2002 a las 14:16, Sam Masiello escribió:
>
> What you could do is have a sc
What you could do is have a script called connect.inc which has your
pg_pconnect statement, then use the "include" directive to include your
connect.inc on all of your subsequent PHP pages. This way you only have the
username/password hard coded in one location so if the username/password
were t
4 matches
Mail list logo
