Many Linux command-line people use the VI editor; but if you’re like me and prefer Emacs, you often run into the “problem” that Emacs creates backup files using the original filename and appending a tilde (~) to the end of the filename. E.g. “secret.conf.php” becomes “secret.conf.php~”.
There are a number of ways to get around this, of course. One way is to configure a separate directory for each user where Emacs stores its backup files, and then make that directory readable only by the user.
Why is this a problem? Well, if you’re using Emacs to quickly modify PHP applications’ configuration files, like the database configuration file, you’ll leave a trail of .php~ files. These files are typically not parsed by the PHP processor; instead, they are handled by the text file handler in Apache. This means that if I enter the URL http://myverycoolsite.com/secret.conf.php~, Apache will gladly display the file’s actual contents, just as if you were editing the file.
This can be prevented by using the
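# Deny requests for Emacs backup copies (names ending in ~) of HTML and PHP files
<Files ~ "\.(html\~|htmls\~|php\~|phps\~|php3\~|php4\~)$">
# Apache 2.2 access syntax; on Apache 2.4 the equivalent is "Require all denied"
Order allow,deny
Deny from all
</Files>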
Perhaps not the most elegant of solutions, but it works. It will result in a “Forbidden” response from Apache. Check out the Apache documentation for more details on this directive.
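An added example, not part of the original post: a Python audit that walks a document root, lists every file ending in ~, and separates the ones the <Files> pattern above denies from the ones it misses. The sample tree and names such as includes/db.inc~ are constructed for the demonstration.

```python
import os
import re
import tempfile

# The regex from the <Files> block above; Apache applies it to the file name.
BLOCKED = re.compile(r"\.(html\~|htmls\~|php\~|phps\~|php3\~|php4\~)$")


def audit_docroot(docroot):
    """Return (blocked, unblocked) lists of Emacs backup files under docroot.

    blocked:   names ending in ~ that the <Files> pattern denies
    unblocked: names ending in ~ that the pattern does not cover
    """
    blocked, unblocked = [], []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.endswith("~"):
                continue  # not an Emacs backup file
            rel = os.path.relpath(os.path.join(dirpath, name), docroot)
            (blocked if BLOCKED.search(name) else unblocked).append(rel)
    return sorted(blocked), sorted(unblocked)


def build_sample_docroot(root):
    """Create a constructed document root (sample data, not from the post)."""
    for rel in ("index.php", "secret.conf.php", "secret.conf.php~",
                "includes/db.inc", "includes/db.inc~", "about.html~"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


def demo():
    """Audit the constructed tree and return the two lists."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        return audit_docroot(root)


if __name__ == "__main__":
    blocked, unblocked = demo()
    for rel in blocked:
        print("denied by <Files> rule:", rel)
    for rel in unblocked:
        print("NOT covered, delete or extend the rule:", rel)
```

Point audit_docroot at the real document root to find leftover backups; anything in the second list is still served as plain text until it is removed or the pattern is extended.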
You can go back to sleep now 🙂
Hi,
Let me take this a step higher. I would affirm that if you have trouble with .php~ files on anything else but your local development box, your way of developing and releasing software is wrong.
1) Never change code on the prod machines
2) Develop locally, stage remotely, pre-prod remotely, then release
And all of the above using a proper environment that does all the nasty for you. Virtualization, anyone? 🙂