[Webpro] Naming tip for PHP includes
Mike S. Krischker
info at webdesign-list.com
Sat Mar 12 13:30:54 EST 2005
Hello

Just wanted to send out a useful tip :)

If you're creating scripts with PHP, you most likely know or use the
possibility to include external files with code snippets into your
pages, like: include "includefile";

It seems self-evident to give these files the ending '.inc' and throw
them in a separate folder called, for instance, 'includes'. *But*...

Let's imagine what happens if someone is sneaking around on your website
and guesses the path to one of these include files... say...
/includes/sessions.inc - What happens if he points his browser to this
file? Right, all the code is there, sometimes even revealing ways to
hack into the site.

What can be done to avoid this? Simply give your include files the
ending '.php' instead, and the server will parse all the PHP code
before sending it to the client, so no backend code is revealed.

Cheers
Mike
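
An audit check for the situation described in the message above, added here as an example and not part of the original post: it walks a document root and lists files that contain a PHP open tag but whose extension the server is assumed not to parse. The assumption that only `.php` is parsed, the function names and the sample tree are all constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: only these extensions are handed to the PHP interpreter.
PARSED_EXTENSIONS = {".php"}
# "<?php" or the "<?=" short echo tag marks PHP source.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def find_exposed_includes(docroot, parsed_extensions=PARSED_EXTENSIONS):
    """Return web paths under docroot that hold PHP code but would be served as text."""
    exposed = []
    for folder, _dirs, files in os.walk(docroot):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in parsed_extensions:
                continue  # the server runs these, so the source is not sent
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)  # only the first 64 KiB is inspected
            except OSError:
                continue  # unreadable file: skip it
            if PHP_TAG.search(head):
                rel = os.path.relpath(path, docroot).replace(os.sep, "/")
                exposed.append("/" + rel)
    return sorted(exposed)


def build_sample_site(root):
    """Constructed sample tree: one .inc include, its .php twin, one static file."""
    os.makedirs(os.path.join(root, "includes"))
    samples = {
        "includes/sessions.inc": "<?php $secret = 'constructed'; ?>",
        "includes/sessions.php": "<?php $secret = 'constructed'; ?>",
        "style.css": "body { margin: 0; }",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for web_path in find_exposed_includes(site):
            print("served as source:", web_path)
```

Pass the set of extensions your own server actually maps to PHP as `parsed_extensions`; a file that is flagged would be returned to a browser as plain source.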