".inc" VS ".php3" -- what is the difference

jjoves

What is the difference in saving your scripts with an ".INC" extension compared to ".PHP3" extension...

which one is more secure
which one is the std.

cahva

Usually servers dont parse .inc as php so you could write for example www.yourdomain.com/test.inc in your browser and it would show it as a text. If its extension is .php, it would show no code inside the file.

Its better to write the names like something.php. Some people write it with the inc in name like something.inc.php. So actually extension .inc doesnt mean anything. Its just the way that was used before but today most of the coders dont use it because if you move the code from server to other, the other server propably dont parse .inc files and therefore shows as a plain text for everybody to see.

So use .php or .php3 as extension, not .inc. Inc is not standard and is not safe to use on most of the servers...

Sxooter

cahva, that's like saying don't use .htaccess files.

Since there's already an entry for those, it should be easy enough to copy it and deny access to the .inc files. The one for .htaccess is like this:

<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

~ "^.ht" means:
~ = reg ex match
^ = anchor at beginning of string
. = a dot (you have to escape them with a )
ht = string to match

doing a 'man 7 regex' on rhlinux or 'man regex' on freebsd will get a page on posix regular expressions, the kind apache uses.

Since we want to match the right side against, .inc, we need to right anchor, the $ symbol.

<Files ~ "\.inc$">
    Order allow,deny
    Deny from all
</Files>

and testing it on my box, it seems to work.

p.s. love the boing icon!

cahva

No no no! You got me all wrong. I just meant that when using "default" setup on server, it doesnt parse files like *.inc.

I know what you meant but I didnt want to go that deep.

And yeah, I love the boing-icon too! 🙂
Amiga Rulez! 😃 (I still use it)