Security Practice :: Minimizing Exposure

Security Practice :: Minimizing Exposure

Security Practice :: Minimizing Exposure

Keep webroot clean
- Any file that shouldnt be called via URL
- Include files
- - config.inc
  - lib_db.inc
- Backup files
- - index.php~
  - index.php.bak
Apache may be able to help. (.htaccess)

        
              <Files ~ "(\.inc|\~|config.php)$">
            
                  Order allow,deny
            
                  Deny from all
            
              </Files>

        
              <Directory ~ ".*/CVS/">
            
                  Order allow,deny
            
                  Deny from all
            
              </Directory>