 |
 |
 |
 |
|
|
Date: 11/25/01
- Next message: axel <email protected>: "[PHP-DOC] Bug #14219: Various documentation suggestions"
- Previous message: Philip Olson: "[PHP-DOC] cvs: phpdoc / global.ent"
- In reply to: Gabor Hojtsy: "Re: [PHP-DOC] Re: PHP: Cool PHP Tips"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
A good method is to create a lib directory under the application, and
restrict the webserver access to it, like this:
if the application is: /myapps/myapp.php, you include "lib/os_secrets.xyz".
in apache, you do:
<Location /myapps/lib>
deny from all
</Location>
As PHP script engine does not need webserver approval to read the file, it
works fine.
[]s
Nelson Junior
nelson <email protected>
nelson <email protected>
----- Original Message -----
From: "Gabor Hojtsy" <goba <email protected>>
To: "Leszek Krupiński" <leszek <email protected>>
Cc: "Vip Malixi" <vip_m <email protected>>; <webmaster <email protected>>;
<phpdoc <email protected>>
Sent: Sunday, November 25, 2001 7:32 PM
Subject: Re: [PHP-DOC] Re: PHP: Cool PHP Tips
> > > 1. always use ".php" (or
> > > ".php3" for earlier versions) file name extensions for
> > > include files, otherwise, crackers can view your
> > > code.
>
> It should be writen in other way. We should warn about that
> danger and inform about few methods of solving that problem. Way
> other than shown above is to set .inc (or any other) extension to
> be parsed by webserver.
OK, this letter can give us something to talk about
give ideas together and expand that security chapter...
Goba
- Next message: axel <email protected>: "[PHP-DOC] Bug #14219: Various documentation suggestions"
- Previous message: Philip Olson: "[PHP-DOC] cvs: phpdoc / global.ent"
- In reply to: Gabor Hojtsy: "Re: [PHP-DOC] Re: PHP: Cool PHP Tips"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]