List: quanta
Subject: Re: [Quanta] File extensions, toolbars and auto-completion
From: Don Harden <harden () gsu ! edu>
Date: 2006-11-16 17:12:01
Message-ID: 455C9BE1.9000002 () gsu ! edu
Hi Andrew,
You are correct to point out the potential security issues with using
.inc files. That is why I never put .inc files under DocumentRoot (for
Apache). Instead I put include files somewhere in my include_path
which is outside of DocumentRoot. I did have an occasion when a
student assistant put some include files under DocumentRoot. That's why
I now also have this in httpd.conf:
#
# The following lines prevent .inc files from being viewed by Web clients.
#
<Files ~ "\.inc$">
Order allow,deny
Deny from all
</Files>
Thanks for reminding us about security pitfalls with PHP include files.
Don Harden
Andrew Lowe wrote:
> I second the idea that it is bad practice to use the "inc" extension for php
> include files.... it is a very dangerous practice as your include files could
> be exposed by the web server (you probably should tell apache to handle these
> as php as Eric described, or block access completely.)
>
> As an example on why... do a google search for php include files:
> enter into the search box:
> php filetype:inc
> and have a look at what google can find!
>
> This would also solve the Quanta problem while you are at it :-)
>
> Eric, does editing the DTEP or DTD menu lose changes on an upgrade of Quanta?
>
> Anyway - just really wanted to emphasise the security issues and encourage the
> renaming of the include files.
>
>
>
--
Don Harden harden@Gsu.EDU
Department of Chemistry 564 NSC
Georgia State University ph: (404) 651-3580
Atlanta, Ga. 30302 fax: (404) 651-1416
_______________________________________________
Quanta mailing list
Quanta@mail.kde.org
https://mail.kde.org/mailman/listinfo/quanta
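
An audit for the two safeguards described in the message above, added here as an example and not part of the original post: it lists .inc files left under a DocumentRoot and reports those that no deny rule in the given httpd.conf text covers. The function names, the sample tree and the use of Python's re module as a stand-in for Apache's regex matching are assumptions; per-directory scoping, .htaccess files and handler mappings are not considered.

```python
import os
import re
import tempfile

# <Files ~ "regex"> or <FilesMatch "regex"> container together with its body.
BLOCK_RE = re.compile(
    r'<(?:Files\s+~|FilesMatch)\s+"([^"]+)"\s*>(.*?)</Files(?:Match)?>',
    re.IGNORECASE | re.DOTALL)
# "Deny from all" as in the message, or the Apache 2.4 form "Require all denied".
DENY_RE = re.compile(r'^\s*(?:Deny\s+from\s+all|Require\s+all\s+denied)\s*$',
                     re.IGNORECASE | re.MULTILINE)

# The httpd.conf fragment quoted in the message.
HARDENED_CONF = r'''
# The following lines prevent .inc files from being viewed by Web clients.
<Files ~ "\.inc$">
Order allow,deny
Deny from all
</Files>
'''

def denied_patterns(conf_text):
    """Return compiled filename regexes from Files blocks that deny all access."""
    conf = re.sub(r'^\s*#.*$', '', conf_text, flags=re.MULTILINE)  # drop comments
    return [re.compile(pat) for pat, body in BLOCK_RE.findall(conf)
            if DENY_RE.search(body)]

def exposed_includes(docroot, conf_text, exts=(".inc",)):
    """List include files under docroot that no deny block in conf_text covers."""
    patterns = denied_patterns(conf_text)
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            # Extension check ignores case; the deny regexes are applied as written.
            if name.lower().endswith(exts) and not any(p.search(name) for p in patterns):
                exposed.append(os.path.relpath(os.path.join(dirpath, name), docroot))
    return sorted(exposed)

def demo():
    """Audit a constructed DocumentRoot without and with the rule from the message."""
    with tempfile.TemporaryDirectory() as docroot:
        os.mkdir(os.path.join(docroot, "lib"))
        for rel in ("index.php", "lib/db.inc", "lib/OLD.INC"):
            with open(os.path.join(docroot, rel), "w") as fh:
                fh.write("<?php // constructed sample file\n")
        return exposed_includes(docroot, ""), exposed_includes(docroot, HARDENED_CONF)

if __name__ == "__main__":
    print(demo())
```

In the constructed tree the rule covers db.inc but not OLD.INC, because the pattern \.inc$ is case-sensitive; any file the audit reports at all is one that should be moved out of DocumentRoot into the include_path.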