including a file on on-rev
J. Landman Gay
jacque at hyperactivesw.com
Tue Nov 3 18:32:30 EST 2009
Alex Tweedly wrote:
> BUT -
> (a) isn't it a lot of extra work ?
> Instead of opening a local file, the interpreter must open an http
> connection to the server and read the file over that.
>
Yeah, this has been harrassing me. I'm pretty sure a path like this
would work but I haven't tried it yet: ~/path/to/includeFile. I'm going
to test it, that would be way easier.
(b) isn't it a (minor) security issue ?
No, because it's revTalk. The browser never sees the file path, only the
contents of the file. To the outside, it looks like hard-coded html.
> I think I'd normally protect my include folder with a .htaccess file, so
> that random users can't access my include files, they can only access
> the web pages I want them to access. But that would (I think, haven't
> tested it) prevent this form of include being used.
I don't think you'd have to, since the path is never sent to the
browser. Alternately, I suppose you could store the includes outside the
web folder. A path is a path, right?
--
Jacqueline Landman Gay | jacque at hyperactivesw.com
HyperActive Software | http://www.hyperactivesw.com
More information about the use-livecode
mailing list