Is constant defined enough protection for included files?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
Sindarin
Forum Regular
Posts: 521
Joined: Tue Sep 25, 2007 8:36 am
Location: Greece

Is constant defined enough protection for included files?

Post by Sindarin »

I have several files that I include as the page body for a CMS e.g.

dashboard.php
products.list.php
products.add.php
products.edit.php

Those are included through index.php using a switch. index php has the login check code and also defines a constant define('AllowAccess',1);

My question is, is a check like:
<?php if (!defined('AllowAccess')){exit();} ?> at the very top of each included page enough to protect them from direct access? Or do I have to add the login check in all those as well?

I mean constants are server-side, there shouldn't be any problem correct?
User avatar
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: Is constant defined enough protection for included files

Post by twinedev »

That is enough. I use something similar for mine.
Post Reply