white list
Posted: Thu Jul 17, 2008 10:27 pm
I am including a file that is dependent on a $_GET request. All the files that can/should be included are located in a modules/ directory. Are there any issues with using this method as a white list?
Would it be better to store all valid "modules" in my database and query it? If so, why? (I'd rather not rely on a database if possible, but security is more important.)
Thanks,
John
Code: Select all
if(file_exists("modules/" . $_GET['module'] . ".php") {
require_once("modules/" . $_GET['module'] . ".php");
}Thanks,
John