article

An Important Note About .inc Files

Email
Submitted on: 1/1/2015 12:51:00 PM
By: bleh (from psc cd)  
Level: Beginner
User Rating: By 15 Users
Compatibility: PHP 3.0, PHP 4.0
Views: 1325
 
     Security issues using ".inc" include files.

 
				
An Important Note About .inc Files

This is just a quick note about using include files with the ".inc" file extension. This doesn't apply to JUST PHP, but the web in general. I am posting this here in the PHP section because that is the server side language that I use, and I have noticed an abundance of ".inc" files in various projects throughout PSC.

For those who don't know, ".inc" files are nothing more than a file that generally contains information that you would need to access from various scripts on a site. Most often, they are a time saving way of storing certain variables. A primary example is Login/Passwords for database connections. This way, if you change the login/pass for the database, you only need to update one file.

The problem is, however, that the contents of ".inc" can be viewed in a browser by simply typing in the path. So anyone who knew the path of your include file could easily find out information that you probably didn't want them to know. Now, to those who aren't all that concerned with security, this may not seem a big issue. However, for the more paranoid among us, it is an issue.

I'm not sure if this applies to all platforms. The server I use runs Apache on Slackware, and the SysOp is a pretty security conscious person. Also, it could vary well be just an IE6 thing, as I have not had a chance to test this in any other browser. However, I thought I would make the uninformed among you aware of this.

The best way to get around this is to simply change the file extension to ".php" (or whatever language your using). It's that easy. Don't let your information be compromised.


Other 3 submission(s) by this author

 


Report Bad Submission
Use this form to tell us if this entry should be deleted (i.e contains no code, is a virus, etc.).
This submission should be removed because:

Your Vote

What do you think of this article (in the Beginner category)?
(The article with your highest vote will win this month's coding contest!)
Excellent  Good  Average  Below Average  Poor (See voting log ...)
 

Other User Comments


 There are no comments on this submission.
 

Add Your Feedback
Your feedback will be posted below and an email sent to the author. Please remember that the author was kind enough to share this with you, so any criticisms must be stated politely, or they will be deleted. (For feedback not related to this particular article, please click here instead.)
 

To post feedback, first please login.