Page 1 of 1

security via hiding scripts ?

Posted: Mon Sep 06, 2004 5:56 am
by jakobdoppler
Hi

A simple question.
In my CMS i got only one accessable main page, that loads dynamically a couple of classes (via include,require). So if only one file needs to be called, does it add more security if i hide all other scripts behind the web sites root directory ?
(Of course all of the files are secure by Session, POST & GET parameter check etc etc.)

_yak

Posted: Tue Sep 07, 2004 7:16 pm
by John Cartwright
If I understand correctly, you don't want users directly going to http://www.domain.com/page.php, instead you want them to go from the main page and the main page loads the proper page.

What I recommend is simple on the main page have somethings like

Code: Select all

<?php

define("IN_SITE",TRUE);

?>
and then on each individual files

Code: Select all

<?php

if (!defined("IN_SITE")) exit ("HACKING ATTEMPT!");

?>
hope I understood correctly

Posted: Tue Sep 07, 2004 7:25 pm
by timvw
in general:

- it is always better to only public what is absolutely required.

- discussions about an "index" page that acts as a controller for the other pages exist already... bigtime

- a well designed script will know if it's expected to be executed or not. not only by hoping noone will call it directly.

Posted: Wed Sep 08, 2004 2:13 am
by jakobdoppler
Thx
This was a question since I work with files just containing a class definition, that is used in one index(main) file, that needs to be executed. So i'll hide my class definition scripts.

Anyway found my question was rather a topic of PHP Code. Sorry for that. Thanks again for your comment.

_yak