directory structure..
Hey guys,
What are the advantages of putting PHP scripts in folders and subfolders in terms of security? I know it helps for knowing where everything is and it's neater, but is there any difference in terms of security?
And also, if it does help security, should the directories be difficult to guess so that attacks won't happen or something?
alex.barylski
1) Protect scripts from outside access by removing read/write access - not very practical unless you have direct control over the system.
2) Use .htaccess to protect files - again not very practical unless you plan on password protecting scripts.
3) Store scripts outside the docroot. Not practical again unless.
Each of these solutions will prevent your scripts from being directly accessed by the outside world. Some are better than others - favour the latter, it's the most fail-safe.
What do you mean by scripts? As in classes, includes, etc. or executable scripts, as in index.php, etc.?
If the latter, you will likely have to use option #2 above or implement your own access control into each script. The latter here is what is most common.
Ummm, I'm not sure, hang on, I'll give you an example of what the problem is:
Say I have a form which updates the user's money to + 1000.
Now say the form was "moneyprocess.php",
but moneyprocess.php should only run if the user presses a certain button within a form on the "bank.php" script.
Now say the user decided to change the URL so it has http://www.bleh.com/moneyprocess.php, then entered it... the script would run rather than jumping out, because the user should have come from the bank.php form rather than just going to it by URL...
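One way to implement the per-script access control mentioned above for the moneyprocess.php case, as an added example that is not part of the thread: bank.php stores a one-time token in the session and moneyprocess.php refuses any request that is not a POST carrying it. The function names, the `token` form field and the `bank_form_token` session key are assumptions.

```php
<?php
// Added example; not code from the thread. bank.php and moneyprocess.php are
// the post's file names; the function and field names are hypothetical.

// bank.php: call while rendering the form, then emit the value in a hidden
// field named "token".
function issue_form_token(array &$session): string
{
    $token = bin2hex(random_bytes(32));      // unguessable per-form value
    $session['bank_form_token'] = $token;
    return $token;
}

// moneyprocess.php: call before changing any balance.
function came_from_bank_form(array &$session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false;                        // a typed URL arrives as GET
    }
    $expected = $session['bank_form_token'] ?? null;
    unset($session['bank_form_token']);      // single use, so a replayed POST fails
    $given = $post['token'] ?? null;
    return is_string($expected) && is_string($given)
        && hash_equals($expected, $given);   // constant-time comparison
}

// Constructed walk-through; a plain array stands in for $_SESSION.
$session = [];
$token = issue_form_token($session);
$cases = [
    'URL typed into the address bar' => ['GET', []],
    'button pressed on bank.php'     => ['POST', ['token' => $token]],
    'same POST sent a second time'   => ['POST', ['token' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    $ok = came_from_bank_form($session, $method, $post);
    echo $label, ': ', $ok ? 'run' : 'refuse', PHP_EOL;
}
```

In the real scripts, call `session_start()` first and pass `$_SESSION` and `$_SERVER['REQUEST_METHOD']` to these functions. The token only shows that the request came through the form in that user's session, so moneyprocess.php still has to decide on the server whether this user is allowed the credit.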