<![CDATA[FrontAccounting forum — extension .inc often readable]]> 2009-10-30T12:01:55Z PunBB https://frontaccounting.com/punbb/viewtopic.php?id=901 <![CDATA[Re: extension .inc often readable]]> This is done intentionally. All executable files have php extension and are subject to access control. On the other hand *.inc are library files which should never be executed directly, so they have no access control inside. NB FrontAccounting is open source and its security does not rely on fact the code is hidden or not.  The only sensitive file is config_db.php which should never be readable on properly configured server.

Janusz

]]> https://frontaccounting.com/punbb/profile.php?id=89 2009-10-30T12:01:55Z https://frontaccounting.com/punbb/viewtopic.php?pid=3752#p3752 <![CDATA[extension .inc often readable]]> I noticed that some of the php files do have the extension .inc

This is often not parsed on webservers and allows to read the php code by the browser. Maybe easier to explain by example: http://fa2.iron.from.pl/reporting/includes/doctext.inc will show me the php code.

I'm glad to see that the config_db.php isn't an .inc.

]]> https://frontaccounting.com/punbb/profile.php?id=512 2009-10-30T10:36:28Z https://frontaccounting.com/punbb/viewtopic.php?pid=3750#p3750