From: "Alex Holst" <none@holsta--mongers.org.lh.bsd-dk.dk> Date: Tue, 22 Oct 2002 04:51:22 +0200 To: bsd-dk@bsd-dk.dk Subject: Re: apache: ignore *.php_class
Quoting Torben Sørensen (tos@tinx.dk):
> Måske lidt off-topic, men hvordan får jeg apache til IKKE at vise filer
> med extention *.php_class
8.6. Prevent Include/Configuration File Access
....
Place the include/configuration files outside of the web
documentation root (so that the web server will never serve the
files). Really, this is the best approach unless there's some
reason the files have to be inside the document root.
<URL:http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/prevent-include-access.html>
Jeg bruger selv et directory layout i stil med:
/var/www/foo.com/htdocs
/var/www/foo.com/include
/var/www/foo.com/sql
Det betyder, at for at andre kan bruge min applikation skal de goere
noget aktivt (tilfoeje en vhost med /htdocs som DocRoot) for at den
virker, hvorefter den stadigt er sikker -- imodsaetning til de
applikationer som virker med det samme, men kraever at der goeres noget
aktivt (tilfoeje deny linier til vhosten) for at applikationen data ikke
kan tilgaas.
-- I prefer the dark of the night, after midnight and before four-thirty, when it's more bare, more hollow. http://a.mongers.org
This archive was generated by hypermail 2b30 : Wed 15 Nov 2006 - 18:24:24 CET