security via hiding scripts ?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jakobdoppler
Forum Commoner
Posts: 46
Joined: Wed May 21, 2003 6:16 pm

security via hiding scripts ?

Post by jakobdoppler »

Hi

A simple question.
In my CMS i got only one accessable main page, that loads dynamically a couple of classes (via include,require). So if only one file needs to be called, does it add more security if i hide all other scripts behind the web sites root directory ?
(Of course all of the files are secure by Session, POST & GET parameter check etc etc.)

_yak
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

If I understand correctly, you don't want users directly going to http://www.domain.com/page.php, instead you want them to go from the main page and the main page loads the proper page.

What I recommend is simple on the main page have somethings like

Code: Select all

<?php

define("IN_SITE",TRUE);

?>
and then on each individual files

Code: Select all

<?php

if (!defined("IN_SITE")) exit ("HACKING ATTEMPT!");

?>
hope I understood correctly
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

in general:

- it is always better to only public what is absolutely required.

- discussions about an "index" page that acts as a controller for the other pages exist already... bigtime

- a well designed script will know if it's expected to be executed or not. not only by hoping noone will call it directly.
jakobdoppler
Forum Commoner
Posts: 46
Joined: Wed May 21, 2003 6:16 pm

Post by jakobdoppler »

Thx
This was a question since I work with files just containing a class definition, that is used in one index(main) file, that needs to be executed. So i'll hide my class definition scripts.

Anyway found my question was rather a topic of PHP Code. Sorry for that. Thanks again for your comment.

_yak
Post Reply