Hi
A simple question.
In my CMS i got only one accessable main page, that loads dynamically a couple of classes (via include,require). So if only one file needs to be called, does it add more security if i hide all other scripts behind the web sites root directory ?
(Of course all of the files are secure by Session, POST & GET parameter check etc etc.)
_yak
security via hiding scripts ?
Moderator: General Moderators
-
jakobdoppler
- Forum Commoner
- Posts: 46
- Joined: Wed May 21, 2003 6:16 pm
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
If I understand correctly, you don't want users directly going to http://www.domain.com/page.php, instead you want them to go from the main page and the main page loads the proper page.
What I recommend is simple on the main page have somethings like
and then on each individual files
hope I understood correctly
What I recommend is simple on the main page have somethings like
Code: Select all
<?php
define("IN_SITE",TRUE);
?>Code: Select all
<?php
if (!defined("IN_SITE")) exit ("HACKING ATTEMPT!");
?>in general:
- it is always better to only public what is absolutely required.
- discussions about an "index" page that acts as a controller for the other pages exist already... bigtime
- a well designed script will know if it's expected to be executed or not. not only by hoping noone will call it directly.
- it is always better to only public what is absolutely required.
- discussions about an "index" page that acts as a controller for the other pages exist already... bigtime
- a well designed script will know if it's expected to be executed or not. not only by hoping noone will call it directly.
-
jakobdoppler
- Forum Commoner
- Posts: 46
- Joined: Wed May 21, 2003 6:16 pm