[TYPO3-core] RFC #8802: Fileadmin: extensions of new files
David Bruchmann
typo3-team-core at bruchmann-web.de
Thu Aug 20 18:57:49 CEST 2009
----- Ursprüngliche Nachricht -----
Von: Steffen Gebert <steffen at steffen-gebert.de>
Gesendet: Donnerstag, 20. August 2009 18:41:54
An: typo3-team-core at lists.netfielders.de
CC:
Betreff: Re: [TYPO3-core] RFC #8802: Fileadmin: extensions of new files
> On Thu, 20 Aug 2009 14:17:21 +0200, Michael Stucki <michael at typo3.org>
> wrote:
>
>> .inc files normally cannot be executed directly but .php files can. This
>> means, you are unable to write and execute a backdoor using a .inc file.
>
> I read tipps that you should configure your PHP interpreter to parse .inc
> files because otherwise sb. might be able to read your code using HTTP (if
> he nows the file name).
> Don't know, if anybody configures his server this way, but I assume there
> are some.
>
> Steffen
That's my opinion too.
But in general it's no good idea to give files just the suffix .inc,
better is *.inc.php or *.inc.pl or *.inc.somewhat
Best Regards
David
More information about the TYPO3-team-core
mailing list