Security Question

Forum Moderators: phranque

Message Too Old, No Replies

Security Question

jp_css

7:29 pm on Mar 12, 2004 (gmt 0)

I am pretty new to this. I have php scirpts, .inc files, forms loaded through IFrames, etc. that I would like to be processed but not allow someone to find the page and view the contents. I was wondering if there was an easy way to do this.

Manie

7:38 pm on Mar 12, 2004 (gmt 0)

Add the following line to your index file. (Which is required to run to include .inc files)

define( "INCLUDED", 1 );

At the top of each include file you can put the following lines:

if (!defined("INCLUDED")) {
// no access, terminate script
echo 'Forbidden, this file should be included and cannot be accessed directly.';
exit;
}

That way, people can never run your include files seperatly.

jp_css

9:09 pm on Mar 12, 2004 (gmt 0)

Is there a way to make it so no one can access those files if they went directy to them?

coopster

9:27 pm on Mar 12, 2004 (gmt 0)

Store them off the document root and use PHP's include [php.net] function.

The latter half of this thread addresses the question,
How would one best go about storing scripts off the document root? [webmasterworld.com]
(starting at the second question in msg #7) may help.