<![CDATA[FrontAccounting forum — extension .inc often readable]]> https://frontaccounting.com/punbb/viewtopic.php?id=901 Fri, 30 Oct 2009 12:01:55 +0000 PunBB <![CDATA[Re: extension .inc often readable]]> https://frontaccounting.com/punbb/viewtopic.php?pid=3752#p3752 This is done intentionally. All executable files have php extension and are subject to access control. On the other hand *.inc are library files which should never be executed directly, so they have no access control inside. NB FrontAccounting is open source and its security does not rely on fact the code is hidden or not.  The only sensitive file is config_db.php which should never be readable on properly configured server.

Janusz

]]> Fri, 30 Oct 2009 12:01:55 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=3752#p3752 <![CDATA[extension .inc often readable]]> https://frontaccounting.com/punbb/viewtopic.php?pid=3750#p3750 I noticed that some of the php files do have the extension .inc

This is often not parsed on webservers and allows to read the php code by the browser. Maybe easier to explain by example: http://fa2.iron.from.pl/reporting/includes/doctext.inc will show me the php code.

I'm glad to see that the config_db.php isn't an .inc.

]]> Fri, 30 Oct 2009 10:36:28 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=3750#p3750