-
Nov 15th, 2004, 05:22 PM
#1
Thread Starter
Ex-Super Mod'rater
Protecting Includes Folder -[RESOLVED]-
I have a folder which holds all the files which I'm including in the main scripts. Thing is, these includes aren't meant to be run. What ways are there to stop people accessing/running them? I tried changing the folder's permission so only Owner & Group can read, but I had to switch it back cos it wouldn't allow me to include then.
I was thinking about .htaccess files but I'm not sure how to make them or if that would even work. My host gives a wizard for making them but I'd find it better if I knew how to make them myself.
Last edited by Electroman; Nov 15th, 2004 at 05:50 PM.
When your thread has been resolved please edit the original post in the thread (  )
and amend "-[RESOLVED]-" to the end of the title and change the icon to  , Thank you.
When posting Code use the [VBCode]Code Here[/VBCode] tags to be able to use the code highlighting.

-
Nov 15th, 2004, 05:30 PM
#2
Only three more to go 
There are a number of ways to protect the include files.
- Put them outside the website root directory. That way there is no way the user can access them.
- Change the permissions so only the PHP process can access them; this only works under UNIX when run with the SuExec CGI wrapper, as most of the time PHP will run in the same process space as the web server.
- Always name your include scripts with a .php extension. Don't fall into the trap of using .inc, because if they were to be served to the user by accident a .inc file would simply be dumped, hence all your source code and passwords.
- As a final line of defence, should a user execute the script directly, define a constant in your main script, and check it exists in the include file before allowing it to run:
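main.php
PHP Code:
<?php
// Mark that execution started from a legitimate entry point.
define('IN_APP', 1);
include('myinclude.php');
?>
myinclude.php
PHP Code:
<?php
// Refuse to run unless a main script has defined IN_APP first.
if (!defined('IN_APP')) {
    die('This script cannot be run directly.');
}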
-
Nov 15th, 2004, 05:32 PM
#3
Easy enough with a .htaccess file. Just need two lines:
Order allow,deny
Deny From all
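A small audit of the defences suggested in posts #2 and #3, as an added example that is not part of the original thread: it walks an include folder and reports files without a .php extension, .php files lacking the IN_APP guard, and a missing deny-all .htaccess. The function names and sample files are constructed for illustration; the `Require all denied` form it also accepts is the Apache 2.4 equivalent, which the thread does not mention.

```python
import re
import tempfile
from pathlib import Path

# Guard from post #2: defined('IN_APP') checked near the top of the include.
GUARD_RE = re.compile(r"defined\s*\(\s*['\"]IN_APP['\"]\s*\)")
# Deny rule from post #3, plus the Apache 2.4 form (not in the thread).
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$",
                     re.I | re.M)

def audit_includes(include_dir):
    """Return a sorted list of (relative_path, finding) for an include folder."""
    root = Path(include_dir)
    findings = []
    htaccess = root / ".htaccess"
    if not (htaccess.is_file()
            and DENY_RE.search(htaccess.read_text(errors="replace"))):
        findings.append((".htaccess", "no deny-all rule"))
    for path in root.rglob("*"):
        if not path.is_file() or path.name == ".htaccess":
            continue
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() != ".php":
            findings.append((rel, "extension is not .php"))
            continue
        # The guard only helps if it runs before anything else,
        # so look at the head of the file rather than the whole body.
        head = path.read_text(errors="replace")[:512]
        if not GUARD_RE.search(head):
            findings.append((rel, "missing IN_APP guard"))
    return sorted(findings)

def demo():
    """Audit a constructed sample tree (all file contents are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        inc = Path(tmp)
        (inc / "db.inc.php").write_text(
            "<?php\nif (!defined('IN_APP')) { die('no'); }\n$dsn = 'x';\n")
        (inc / "config.inc").write_text("<?php $password = 'constructed';\n")
        (inc / "mail.php").write_text("<?php\nfunction send() {}\n")
        return audit_includes(inc)

if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```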
-
Nov 15th, 2004, 05:44 PM
#4
Thread Starter
Ex-Super Mod'rater
Well, I'd named them all xxx.inc.php. As for the define thing, that's an idea. Mind, if I'm making a .htaccess file I shouldn't need that? Is there any site you know of where I can find out more about .htaccess files?

-
Nov 15th, 2004, 05:57 PM
#5
Thread Starter
Ex-Super Mod'rater