July 27th, 2000, 03:16 PM
I put my database variables in an include (.inc) file since I use them in several other scripts. These are variables like the mysql server name, database name and password, which I obviously don't want to share with the world, but if I enter the URL of the include file, they are displayed right in the browser. Are there permissions I can set on the file so that php can access it but a browser won't, or do the settings in Apache need to be changed? For the time being, I've removed the file, of course.
July 27th, 2000, 03:20 PM
You should do two things.
1) use AddType in htppd.conf to make .inc a php parsable extension.
2) place the file below the document root so that it cannot be accessed by a web browser. (your files that include it will still be able to access it)
You're on the right track by placing sensitive info outside the main document.
July 27th, 2000, 03:39 PM
or rename it includedfile.php3 , it does not need to be called .inc
July 27th, 2000, 04:09 PM
Thanks, both of you. I will try moving the file below the public folder, and renaming it with a .php extension. Because it's running on someone else's server, I can't change the Apache settings myself, so it'll take a little while to get that fixed.