[UPHPU] PHP/MySQL Security
Rusty Keele
RKeele at overlandwest.com
Wed Jul 11 16:47:22 MDT 2007
-----Original Message-----
From: uphpu-bounces at uphpu.org [mailto:uphpu-bounces at uphpu.org] On Behalf
Of Justin Giboney
Sent: Wednesday, July 11, 2007 4:17 PM
To: UPHPU General Discussion
Subject: Re: [UPHPU] PHP/MySQL Security
He was talking about a .inc file. Which I have never used. Is there a
good purpose for using a .inc?
I guess it would be easier for the next developer to understand what
a certain file is, but I just put all my includes in an include folder.
Justin Giboney
>
> I believe he's being extra careful, in the rare event that PHP
> might break and Apache serve up .php files as plain text. I've seen
> it happen once.
>
>
Here is another reason: If you haven't configured your Apache (or which
ever) webserver to send .inc files through the php engine then they will
be dumped as text files - allowing all to see the contents. That is
scary, and I've seen it happen
-Rusty
Confidentiality Warning: This e-mail contains information intended only for the use of the
individual or entity named above. If the reader of this e-mail is not the intended recipient
or the employee or agent responsible for delivering it to the intended recipient, any dissemination,
publication or copying of this e-mail is strictly prohibited. The sender does not accept any
responsibility for any loss, disruption or damage to your data or computer system that may
occur while using data contained in, or transmitted with, this e-mail. If you have received
this e-mail in error, please immediately notify us by return e-mail. Thank you.
More information about the UPHPU
mailing list