NYCPHP Meetup

NYPHP.org

[nycphp-talk] About the site structure article

Ole Aass php.tutor at yahoo.com
Fri Jul 31 09:59:16 EDT 2009


yeah ofc the best way is to put it outside the root, but like the article sais, not all hosts provide with that, and not all can use *.inc either.. So from the little i know about php, checking if the constant is defined, then give/deny access would make it abit more secure..




________________________________
From: Hans Zaunere <lists at zaunere.com>
To: NYPHP Talk <talk at lists.nyphp.org>
Sent: Thursday, July 30, 2009 6:35:38 PM
Subject: Re: [nycphp-talk] About the site structure article

> That's the strategy I use ... I sure hope that's not unsafe
> 
>     Hello everyone.
>     First of I wanna say hi, since it's my first contribution here.
>     Also I'm not from NY, but Norway. Found your site trough google
> 
>     Now, back on topic:
>     It's a very nice, short and direct article. Easy to understand.
>     What I was thinking tho was about using .php. Wouldn't it add a
> bit more security if you do something like this?
>     <?php if (!defined('doInclude')) { die("Access denied sucker!");
> }
> 
>     .... Code here ....
> 
>     ?>
> 
>     Just asking, cause I'm fairly new to all this so :)
> 
>     Article: http://www.nyphp.org/phundamentals/sitestructure.php

I think both methods work, but the doInclude stuff is always a bit tedious
and superfluous in my opinion.  And what happens if you forget to do this
defines?  This type of thing certainly doesn't hurt, but especially when you
can put stuff outside of the document root, I'd just do that.

H


_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

http://www.nyphp.org/show_participation.php



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20090731/30c1fc72/attachment.html>


More information about the talk mailing list