From a book
A common convention is to use .inc for all include files. However,
this potentially exposes you to a major security risk because most
servers treat .inc files as plain text. Let’s say an include file
contains the username and password to your database, and you store the
file with an .inc filename extension within your website’s root
folder. Anyone who discovers the name of the file can simply type the
URL in a browser address bar, and the browser will obligingly display
all your secret details!
But I found there are some .inc files in the include file in a programme, e.g. Drupal and some other programmes. Why? How do they prevent the .inc file from being accessed from the browser?
.htaccess can be set to not allow web user requests to resources.
See this link
and in particular the section reading…
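
An added example, not taken from the book, the linked page or Drupal's own files: an .htaccess file placed in the website's root folder that makes Apache refuse direct browser requests for .inc files, which is the approach the answer above describes. It assumes an Apache server that honours .htaccess overrides; the extension pattern is chosen for illustration.

```apache
# .htaccess in the website's root folder (added example, not the project's own file).
# Assumption: the server's AllowOverride setting permits these directives here;
# if it does not, the same block can go in the main server or virtual host config.

# Without a rule like this, a request for /includes/db.inc is answered with the
# file's contents as plain text, because .inc is not handed to the PHP handler.

<FilesMatch "\.inc$">
    # Apache 2.4 and later (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2 and earlier
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# PHP's include/require read the file from disk, not over HTTP, so scripts that
# include these files keep working while a direct URL request gets 403 Forbidden.
```

To check the rule, request an .inc file's URL directly and confirm the response is 403 Forbidden rather than the file's source.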