David 天宇 Wong
Reputation: 4187
secure include files
I'd like to know the BEST solution to secure includes files. For now my solution is this :
in the index file :
define('KEY','security');
include('s.php';
s.php :
if(KEY!='security') exit;
Upvotes: 0
Views: 1718
Answers (3)
CodesInChaos
Reputation: 108790
Most cases of similar code don't even check for a known value of key, but just check if it is defined.
For example Mediawiki uses this in include files:
<?php
if( !defined( 'MEDIAWIKI' ) ) {
die( 1 );
}
Upvotes: 1
Tower
Reputation: 102785
The best way would be to not put protected files under the document root (public_html, www, htdocs, etc). You can always include PHP files from the outside of the document root:
/home/user/public_html/index.php:
<?php
include('../include.php');
// /home/user/include.php -- not accessible!
Upvotes: 0
David 天宇 Wong
Reputation: 4187
order deny,allow
deny from all
allow from 127.0.0.1
put this .htaccess in the include files seems to be a neat solution..
Upvotes: 0
Related Questions
- PHP Securely include files + handle invalid parameters
- secure php-included file in php code
- Relative paths for include in php
- Secure Include php
- Keeping PHP Includes Secure
- How can I protect my included php files from direct access?
- Secuity considerations when including files
- Better/safer way to use php include?
- Simple security question: PHP Includes
- How can I sanitize my include statements?