Restricting direct access to your view-files in CodeIgniter?
I’m new to CodeIgniter, I was wondering if it’s considered a good practice to restrict direct access to your view-files? Obviously they are going to contain a lot of php-code that relies on va开发者_运维知识库riables and what not passed to them from the controller, so the php-code could easily come up with an error if it’s directly accessed couldn’t it?
Bonus question: Why are the helpers, libraries, hooks etc. folders empty in the application folder?
Thanks for your time.
The main reason nobody bothers to restrict access to their view files is because they will either fatal error or show a useless page.
If people want to go to the effort of trying to work out your folder structure and file names, they will be rewarded with... absolutely nothing. You would have to write some really crazy code to make a view insecure.
If you REALLY want to secure them, go ahead.
At the top of your view, enter:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed'); ?>
<h1>Whatever</h1>
I have never seen anyone restrict access to view files, but i dont see any reason why you wouldn't be able to do so. For better security you should really put your system and application folder below the web root and point the index.php back one directory to those folders. That way the possibility of someone directly accessing your files is slim to none.
As for why the folders are empty. The application folder is where you put YOUR code. The helper, libraries, and models folders in the system folder are filled with source code. The goal is to only put your code in application so when you upgrade to future versions of CodeIgniter your dont break any code or functionality you have implemented. You also can overload the codeigniter functions by doing what is says here...
http://codeigniter.com/user_guide/general/creating_libraries.html
and scroll down to "Extending Native Libraries"
user, if you are on a shared host and they don't allow access to anything else than wwwroot folder, you can create a subfolder (name it "private") and write its .htaccess file to deny all requests to this subfolder. Then you can place the system and application folders of codeigniter in this subfolder and place your index.php folder in the regular location (changing the "system" and "application" variables inside index.php to correctly reflect the new paths) and that way all code is secure from direct access. :-)
edited: About the folders question, its a scope thing. The helpers, libraries, hooks application folders are for application specific items. Maybe ones you custom create, or maybe ones downloaded from a third party. But the idea is that you have "system-wide" items and then you have "application-wide" items. Having application folders allows you to extend system-wide items to meet the specific application needs (see more @ http://codeigniter.com/user_guide/general/creating_libraries.html). This doesn't make too much sense with one application, but if your installation has multiple applications, thats really where this comes in handy.
精彩评论