PHP Identify Security Concerns?

Question

PHP Identify Security Concerns?

index.php:

define("included", true);

PAGES INCLUDED:

if (included !== true) header('HTTP/1.1 404 Not Found');

The purpose of the codes was to deny access directly, but to allow if they are enabled. I am not sure if this poses any risks. I am not allowed to override .htaccess, so I stick with the PHP alternative.

Any help would be greatly appreciated!

+3

php

blanknamefornow Feb 10 '11 at 23:21

source share

5 answers

, :

if (!defined('included')) { 
    header('HTTP/1.1 404 Not Found'); 
    // actually make the request stop, since clients will not stop on 404 headers
    die(); 
}

+1

arnorhs 10 . '11 23:23

, -?

+1

Mchl 10 . '11 23:29

, , die exit, , . , , , .

common.php ( index.php, )

<?php
  define('IN_PAGE',true);
  ...
?>

include_file.php

<?php
  defined('IN_PAGE') or die('Unallowed access'); // or header('HTTP/1.0 404 Not Found'); exit;
  ...
?>

0

Brad Christie 10 . '11 23:26

:

<?php
   @runtime_presence();

This leads to a fatal error if the stub function was not defined in the center before. (Header redirection and pretty error message are not useful as a security measure.)

0

mario Feb 10 '11 at 23:33

source share

alex · Accepted Answer · 2011-02-10T23:24:17+0000

A sexier way ...

defined('included') OR exit;

That is, use the correct function ( defined()) to find out if a value is defined, and then use a short circuit rating .

In addition, you can probably just use an existing definition and not create it specifically, for example. your bootstrap file might define something like ...

define('DOCROOT', realpath(basename(__FILE__)));

... DOCROOT.

PHP, , : )

PHP Identify Security Concerns?

More articles: