It's much more fun, when you can discuss your problems with others...
You are not logged in. Please login or register.
FrontAccounting forum → Report Bugs here → extension .inc often readable
I noticed that some of the php files do have the extension .inc
This is often not parsed on webservers and allows to read the php code by the browser. Maybe easier to explain by example: http://fa2.iron.from.pl/reporting/includes/doctext.inc will show me the php code.
I'm glad to see that the config_db.php isn't an .inc.
This is done intentionally. All executable files have php extension and are subject to access control. On the other hand *.inc are library files which should never be executed directly, so they have no access control inside. NB FrontAccounting is open source and its security does not rely on fact the code is hidden or not. The only sensitive file is config_db.php which should never be readable on properly configured server.
Janusz
FrontAccounting forum → Report Bugs here → extension .inc often readable
Powered by PunBB, supported by Informer Technologies, Inc.
Currently installed 4 official extensions. Copyright © 2003–2009 PunBB.