Preventing your source code being viewed

Tim Brownlaw (PHP / Moderate)

Filename extensions, when incorrectly chosen, can let others view your important code or, worse still, the configuration files for your site or database.

I know that with include files, for instance, we sometimes like to give them the extension ".inc". While this is acceptable, if someone knows what to look for, such as a file called "config.inc", and puts its path in their browser (for example, http://www.yoursite.com/config/config.inc), then lo and behold, their browser will happily display its contents.

That is not very nice if the file contains passwords, usernames, etc.

It is highly recommended that all your files use "known extensions" such as php, html or htm. So your include file could be named config.inc.php. Using php as the extension will prevent its contents being displayed, because the server runs the file through PHP and sends only its output rather than its source.
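To check an existing site for this problem, the following added example (not part of the original article) lists files under a web root that contain PHP code but do not end in .php, together with the name the advice above would give them. It assumes the server hands only *.php files to the PHP interpreter; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find files under a web root that contain PHP code but
# do not end in .php, i.e. files a direct request would return as text.
# Assumption: the server passes only *.php to the PHP interpreter.
# Limitation: file names containing newlines are not handled.

# Print "path -> suggested name" for every exposed file.
# Returns 1 if any were found, 0 if the tree is clean.
audit_docroot() {
    root=$1
    # -l: names only, -I: skip binary files, -F: fixed-string patterns
    hits=$(find "$root" -type f ! -name '*.php' \
             -exec grep -lIF -e '<?php' -e '<?=' {} + 2>/dev/null) || true
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | while IFS= read -r f; do
        printf '%s -> %s.php\n' "$f" "$f"
    done
    return 1
}

# Constructed sample tree mirroring the article's config.inc case.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/config" "$d/includes"
    printf '<?php $db_pass = "example-only"; ?>\n' > "$d/config/config.inc"
    printf '<?php $db_pass = "example-only"; ?>\n' > "$d/config/config.inc.php"
    printf '<?php function db() {} ?>\n'           > "$d/includes/db.inc"
    printf '<html><body>hello</body></html>\n'     > "$d/index.html"
    printf '%s\n' "$d"
}

# Usage: sh audit.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    audit_docroot "$1"
fi
```

The non-zero return status makes the check usable as a pre-deployment gate.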

There are other ways to prevent people from accidentally or deliberately viewing your code, which I'll discuss in a future article.


© Copyright 2006 - All Rights Reserved - SiteGuts is a part of the Enthonia Content Network