开发者

secure include files

I'd like to know the BEST solution to secure includes files. For now my solution is this :

in the index file :

define('KEY','security');
include('s.php';

s.php :

if(KEY!='security') ex开发者_StackOverflow社区it;


Most cases of similar code don't even check for a known value of key, but just check if it is defined.

For example Mediawiki uses this in include files:

<?php
if( !defined( 'MEDIAWIKI' ) ) {
    die( 1 );
}


order deny,allow
deny from all
allow from 127.0.0.1

put this .htaccess in the include files seems to be a neat solution..


The best way would be to not put protected files under the document root (public_html, www, htdocs, etc). You can always include PHP files from the outside of the document root:

/home/user/public_html/index.php:

<?php

include('../include.php');
// /home/user/include.php -- not accessible!
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜