include file exposure
Brought to you by:
baravalle
The .INC files are a bad idea. You should instead
use .php for the config files.
If the web server is not set up properly, a hacker can
view your FTP user simply by viewing the comic_config.inc
file.
For the next version, I suggest you change it to .php so
hackers cannot view the config files.
Logged In: YES
user_id=293285
I agree that .inc can be problematic with a non-correct web
server setup.
Nevertheless, there are several common ways to protect this,
and .inc is a very common choice for included files.
.inc (or .ihtml) as an extension lets developers distinguish in
an easy way classes, configuration files etc. from web pages.
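
One common way to protect .inc files at the web server, as an added example that is not part of this ticket or of the project's code. It assumes Apache httpd 2.4 with mod_authz_core; the ticket does not name a web server.

```apache
# Added example (assumption: Apache httpd 2.4; the server is not named in the ticket).
#
# Weak setup: no handler and no access rule exists for .inc, so a direct
# request for comic_config.inc is answered with the file's source text.

# Option 1: refuse direct requests for include files.
# PHP's include/require reads the file from disk, not over HTTP, so the
# application keeps working. (?i) also covers upper-case names such as .INC.
<FilesMatch "(?i)\.(inc|ihtml)$">
    Require all denied
</FilesMatch>

# Option 2 (alternative, commented out): have PHP execute .inc files, so a
# request returns the script's output instead of its source. This only helps
# when the whole file sits inside <?php ... ?> tags.
# The handler name below assumes mod_php; other PHP setups use a different one.
#<FilesMatch "(?i)\.inc$">
#    SetHandler application/x-httpd-php
#</FilesMatch>

# Option 3 needs no directive: keep configuration files in a directory
# outside DocumentRoot and include them by filesystem path.
```

After a reload, a direct request for comic_config.inc should return 403 Forbidden under Option 1.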