Discover that the current project is to put all the included files under the home directory, as shown in the following figure:
The site Directory is public, in addition to the entry file, all the source code and configuration files, are outside the site directory.
At the beginning did not realize why to do so, then thought, really very necessary, otherwise it is easy to the source code and some important information exposed:
(1) For example, the. inc extension's profile, and other text-type files, can be accessed directly from the browser, and many can have database accounts here
(2) If your Apache does not have support for PHP, PHP files will default as text type in the browser access to "upgrade Apache, or modify the configuration may appear"
If you include your program outside your site directory, you avoid the risk of keeping your private information. Of course, you can configure on Apache to disable access to the. inc file on the browser:
The code is as follows |
Copy Code |
<files ~ "inc$" > Order Allow,deny Deny from all </Files> |
A lot of details like this are easily forgotten by the operator.