<![CDATA[FrontAccounting forum — file extension .inc to inc.php]]>2012-10-18T11:53:02ZPunBBhttps://frontaccounting.com/punbb/viewtopic.php?id=3445<![CDATA[Re: file extension .inc to inc.php]]>Makes sense. Except that .htaccess files were being maliciously overwritten and the *.inc files got exposed on the browser. Now incorporated the contents of the .htaccess file into the main apache conf file itself and removed the .htaccess file in Debian Squeeze to work as expected.
Thanks. Wikied the info.
]]>https://frontaccounting.com/punbb/profile.php?id=3642012-10-18T11:53:02Zhttps://frontaccounting.com/punbb/viewtopic.php?pid=13841#p13841<![CDATA[Re: file extension .inc to inc.php]]>I'm not sure what problem you have encountered, but anyway we cannot make such a naming change. *.inc are library files which should never be considered as executable by www server. Renaming them to *.php will make them vulnerable to RFI attack. Another countermeasure would require including ugly security check in every file (like the one at the top of language.php file).
Janusz
]]>https://frontaccounting.com/punbb/profile.php?id=892012-10-17T17:26:19Zhttps://frontaccounting.com/punbb/viewtopic.php?pid=13830#p13830<![CDATA[file extension .inc to inc.php]]>If all the *.inc files are renamed to be *.inc.php and the code altered to use such extensions, then the inability to use the .htaccess file would not be a security issue.]]>https://frontaccounting.com/punbb/profile.php?id=3642012-10-17T14:57:02Zhttps://frontaccounting.com/punbb/viewtopic.php?pid=13828#p13828