Code Forums - View Single Post

idx · 11-23-2004, 06:25 PM

Simple answer: no. If the file name ends in .php (or any other applicable extension that PHP is set to execute for, php3, phtml, etc) then it will try to execute.

As Dave mentioned, there is the use of .inc which wont execute when viewed, but you typically don't want people viewing these files.

The best thing would be to place all of these config files outside the webroot, so there's no possibility of them being access via a browser. (only for php includes) Second to that, if you have to put them under the webroot then secure them via .htaccess. eg:

Code:

<Limit GET POST PUT DELETE>
    Deny from all
</Limit>

11-23-2004, 06:25 PM	#3 (permalink)
idx Senior Grasshopper Join Date: Jun 2003 Location: FL Posts: 317	Simple answer: no. If the file name ends in .php (or any other applicable extension that PHP is set to execute for, php3, phtml, etc) then it will try to execute. As Dave mentioned, there is the use of .inc which wont execute when viewed, but you typically don't want people viewing these files. The best thing would be to place all of these config files outside the webroot, so there's no possibility of them being access via a browser. (only for php includes) Second to that, if you have to put them under the webroot then secure them via .htaccess. eg: Code: <Limit GET POST PUT DELETE> Deny from all </Limit>