Page 1 of 1

the security issue with the extension .inc - newbie question

Posted: Fri Dec 20, 2002 10:57 am
by bohemian
Hello everyone,

I'm new to this forum - this is great site - and also I'm php newbie, so please bare with me for asking very basic questions, hope somebody help me out with this..

I read somewhere that there's the security issue with extension .inc, and wondering if it's ok to use something like the following or I shouldn't use this .inc extension at all?

Code: Select all

<?php include ('logo.inc'); ?>
And one more question please, I installed Apache, MySQL, PHP, etc, on my computer to study PHP, how can I change permission to the files on my computer?

I know how to do it on remote server - I don't know how to use telnet or SSH, but I know how to do it with FTP, but how can I chmod files on my local computer?

Thanks in advance and happy holidays!

Posted: Fri Dec 20, 2002 12:20 pm
by Johnm
Use the .php extension even on includes.
As for the chmod what operating sys. Unix? Linux?
If so on the commandline :
chmod 755 file.php

Johh M

Posted: Fri Dec 20, 2002 1:06 pm
by f1nutter
Johnm wrote:Use the .php extension even on includes.
The reason for doing this is .inc is not a 'standard' extension for web based files. If someone hacks your server and finds out, say your connection file, the page will just print plain text.

Try keying into your browser http://www.yoursite.com/connection.inc and you'll see what I mean.

So you know what files are to be included, you could use the extension .inc.php and it will be parsed like a normal PHP file.

Posted: Fri Dec 20, 2002 2:33 pm
by bohemian
Thanks for fast reply, you guys are very helpful!

Johh M, I'm using *amateur* win xp home.. Unix & Linux sound *pro* for me.

btw, you must be Deadhead, I like Grateful Dead too 8)

f1nutter, thanks for detailed explanation.

I visited your site, you have a cool, nice and clean site, I like your site :)