[Webpro] Naming tip for PHP includes
patrick
pms at stoutstreet.com
Sat Mar 12 13:35:32 EST 2005
Mike S. Krischker wrote:
> Hello
>
> Just wanted to send out a useful tip :)
>
> If you're creating scripts with PHP, you most likely know or use the
> possibility to include external files with code snippets into your
> pages, like: include "includefile";
>
> It seems self-evident to give these files the ending '.inc' and throw
> them in a separate folder called, for instance, 'includes'. *But*...
> Let's imagine what happens if someone is sneaking around on your website
> and guesses the path to one of these include files... say...
> /includes/sessions.inc - What happens if he points his browser to this
> file? Right, all the code is there, sometimes even revealing ways to
> hack into the site.
>
> What can be done to avoid this? Simply give your include files the
> ending '.php' instead, and the server will parse all the PHP code
> before sending it to the client, so no backend code is revealed.
>
> Cheers
>
> Mike
Or have your include folders outside the web site path.
patrick sanders
http://www.stoutstreet.com
web sites that fit
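
Added example (not part of either message above): a Python check that walks a document root and lists files that contain PHP code but carry an extension the server would not parse, which is the `/includes/sessions.inc` situation described in the thread. The `PARSED_EXTENSIONS` set, the function names, and the sample site layout are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: extensions the web server hands to the PHP interpreter.
# Adjust to match the handler configuration of the server being audited.
PARSED_EXTENSIONS = {".php"}
PHP_OPEN_TAGS = (b"<?php", b"<?=")

def find_exposed_includes(docroot, parsed_extensions=PARSED_EXTENSIONS):
    """Return sorted relative paths under docroot that contain PHP code but
    would be sent to the client as plain text (extension not parsed)."""
    exposed = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        for name in filenames:
            if os.path.splitext(name)[1].lower() in parsed_extensions:
                continue  # the server executes these, source is not revealed
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)  # only the first 64 KiB is inspected
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if any(tag in head for tag in PHP_OPEN_TAGS):
                exposed.append(os.path.relpath(path, docroot).replace(os.sep, "/"))
    return sorted(exposed)

def build_sample_site(base):
    """Constructed sample layout: a docroot plus an include folder outside it."""
    files = {
        "htdocs/index.php": "<?php include __DIR__ . '/../private/db.inc'; ?>",
        "htdocs/includes/sessions.inc": "<?php session_start(); ?>",
        "htdocs/includes/header.php": "<?php echo 'header'; ?>",
        "htdocs/style.css": "body { margin: 0 }",
        "private/db.inc": "<?php $dsn = 'placeholder'; ?>",
    }
    for rel, content in files.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)
    return os.path.join(base, "htdocs")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for rel in find_exposed_includes(build_sample_site(base)):
            print("served as source:", rel)
```

In the sample layout only `includes/sessions.inc` is reported: `header.php` is parsed by the server, and `private/db.inc` sits outside the document root, so neither suggestion from the thread leaves source reachable by URL.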