El Mié 23 Nov 2005 15:34, Martín Marqués escribió:
El Mié 23 Nov 2005 15:16, Thomas -Balu- Walter escribió:
Hello all,
I have two short suggestions regarding include-files:
IMHO the include files (in program/include/ e.g.) should have an ".inc.php" ending to avoid calling them directly in the browser. Since those are not config files it might not be a big security problem, but it might still be possible to identify the roundcube version or other "sensitive" data by having a look at them.
Well, what I normally do is name all the include files with .inc ending and deny access to does files (for example in the .htaccess file in the root directory.
Replying to my post:
OK, just started seeing the program structure, and I don't get whats wrong with it. It's fine, AFAIK. All files inside program/include and program/lib with the exception of the external files (DB.php and MDB2.php) end with .inc and they are denyed in the .htaccess file.