the security issue with the extension .inc - newbie question

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
bohemian
Forum Newbie
Posts: 5
Joined: Fri Dec 20, 2002 10:57 am
Location: esperanto

the security issue with the extension .inc - newbie question

Post by bohemian »

Hello everyone,

I'm new to this forum - this is great site - and also I'm php newbie, so please bare with me for asking very basic questions, hope somebody help me out with this..

I read somewhere that there's the security issue with extension .inc, and wondering if it's ok to use something like the following or I shouldn't use this .inc extension at all?

Code: Select all

<?php include ('logo.inc'); ?>
And one more question please, I installed Apache, MySQL, PHP, etc, on my computer to study PHP, how can I change permission to the files on my computer?

I know how to do it on remote server - I don't know how to use telnet or SSH, but I know how to do it with FTP, but how can I chmod files on my local computer?

Thanks in advance and happy holidays!
User avatar
Johnm
Forum Contributor
Posts: 344
Joined: Mon May 13, 2002 12:05 pm
Location: Michigan, USA
Contact:

Post by Johnm »

Use the .php extension even on includes.
As for the chmod what operating sys. Unix? Linux?
If so on the commandline :
chmod 755 file.php

Johh M
f1nutter
Forum Contributor
Posts: 125
Joined: Wed Jun 05, 2002 12:08 pm
Location: London

Post by f1nutter »

Johnm wrote:Use the .php extension even on includes.
The reason for doing this is .inc is not a 'standard' extension for web based files. If someone hacks your server and finds out, say your connection file, the page will just print plain text.

Try keying into your browser http://www.yoursite.com/connection.inc and you'll see what I mean.

So you know what files are to be included, you could use the extension .inc.php and it will be parsed like a normal PHP file.
bohemian
Forum Newbie
Posts: 5
Joined: Fri Dec 20, 2002 10:57 am
Location: esperanto

Post by bohemian »

Thanks for fast reply, you guys are very helpful!

Johh M, I'm using *amateur* win xp home.. Unix & Linux sound *pro* for me.

btw, you must be Deadhead, I like Grateful Dead too 8)

f1nutter, thanks for detailed explanation.

I visited your site, you have a cool, nice and clean site, I like your site :)
Post Reply