Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.
Oren
DevNet Resident
Posts: 1640 Joined: Fri Apr 07, 2006 5:13 am
Location: Israel
by Oren » Tue Apr 03, 2007 2:50 pm
Well, if that's what he meant, then he was right.
That's what you meant, Xoligy? If so, then I'm sorry.
Anyway, this whole discussion is pointless, since as I said, .ini files are not parsed as PHP when they are called directly.
ngungo
Forum Commoner
Posts: 75 Joined: Thu Jun 08, 2006 10:45 pm
by ngungo » Tue Apr 03, 2007 2:59 pm
Oren wrote: Anyway, this whole discussion is pointless, since as I said, .ini files are not parsed as PHP when they are called directly.
Not exactly, I said .inc.php not .inc alone.
The point I wanted to make but not sure if it was correct was:
Code:
define ('NOTMYAPP', false); // this is in the main php (i.e. index.php)
if (NOTMYAPP) die("Hacking Attempt!!!"); // this is in .inc.php files
looks more comprehensible.
by Oren » Tue Apr 03, 2007 3:14 pm
ngungo wrote: Not exactly, I said .inc.php not .inc alone.
Damn... I'm sorry, I read too fast I guess.
Anyway, just do it like this:
Code:
define('IN_APP', true); // this is in the main php (i.e. index.php)
if (!defined('IN_APP')) die("Hacking Attempt!!!"); // this is in .inc.php files; defined() takes the constant's name as a string
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
by feyd » Tue Apr 03, 2007 3:38 pm
Code:
if (!defined('IN_APP') or constant('IN_APP') !== 'some expected value')
{
    die();
}
avoids the warnings that may fire.
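The guard feyd posted, exercised three ways, as an added example that is not part of the original thread: through a front controller, by running the include file on its own, and through a script that defines IN_APP with a different value. The file names and the 'my-app-v1' marker are constructed for the demo, and it assumes the PHP CLI (7.0+) with shell_exec() enabled.

```php
<?php
// Added example, not code from the thread. File names and the marker value
// 'my-app-v1' are constructed for this demo.

$dir = sys_get_temp_dir() . '/include_guard_demo_' . getmypid();
mkdir($dir);

// Include file carrying the guard: the constant must exist AND hold the expected value.
file_put_contents("$dir/lib.inc.php", <<<'PHP'
<?php
if (!defined('IN_APP') or constant('IN_APP') !== 'my-app-v1') {
    die("blocked\n");
}
echo "library loaded\n";
PHP
);

// Front controller: the one script users are meant to request directly.
file_put_contents("$dir/index.php", <<<'PHP'
<?php
define('IN_APP', 'my-app-v1');
require __DIR__ . '/lib.inc.php';
PHP
);

// A different entry script that defines the constant, but not with the expected value.
file_put_contents("$dir/other.php", <<<'PHP'
<?php
define('IN_APP', true);
require __DIR__ . '/lib.inc.php';
PHP
);

// Run a script in a separate PHP process, as if it had been requested on its own.
function run_script(string $path): string
{
    return trim((string) shell_exec(escapeshellarg(PHP_BINARY) . ' ' . escapeshellarg($path)));
}

foreach (['index.php', 'lib.inc.php', 'other.php'] as $name) {
    printf("%-12s => %s\n", $name, run_script("$dir/$name"));
}

// Remove the temporary files.
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

Only the run through index.php reaches the library code; the other two stop at the guard.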
by ngungo » Tue Apr 03, 2007 3:57 pm
feyd wrote:
Code:
if (!defined('IN_APP') or constant('IN_APP') !== 'some expected value')
{
    die();
}
avoids the warnings that may fire.
you mean ||
by feyd » Tue Apr 03, 2007 4:00 pm
no, I mean "or"
Both || and "or" are valid in this context however. Yes, "or" is a real keyword in PHP.
by ngungo » Tue Apr 03, 2007 4:35 pm
Thanks! I did not know that. Newbie
fastfingertips
Forum Contributor
Posts: 242 Joined: Sun Dec 28, 2003 1:40 am
by fastfingertips » Wed Apr 04, 2007 7:00 am
I don't understand why you don't store the include files in a location that is not public? And include that path from htaccess or using ini_set?
by feyd » Wed Apr 04, 2007 7:50 am
That doesn't really protect them at the source level.
by ngungo » Wed Apr 04, 2007 9:13 am
feyd,
Do you have a word of wisdom about how to do include, require files? What is the best practice to keep it secured and source code leak proof?
by feyd » Wed Apr 04, 2007 9:20 am
Consistency in prevention and protection in how your scripts are interacted with. Minimizing the number of scripts the user is allowed to interact with directly can help by forcing them through a wedge. Active monitoring of the (dedicated) server is another. Always getting the latest security patches (at least) for all packages used is important too.
Vigilance is the key.
by ngungo » Wed Apr 04, 2007 9:27 am
Thanks!
btw: 蜘龍 - I looked it up, it is very nice.