Jump to content

Direct access to a file is a no-go?


rootKID
 Share

Recommended Posts

Hello W3S! Been a while x)

 

Anyways, i believe my question lies in the title? Well i tried to do that anyways. It's more a question than a request this time.

 

I was wondering for some security purposes on my forum, if it would be possible for the logout file of a user to have NO DIRECT ACCESS in the URL to it?

 

Meaning the only, and i stress the word ONLY ACCESS to the file, are by entering it from another file and if they try to go by url like so:

 

www.domaintitle.com/logout.php

 

then they will simply be re-directed to index.php file.

Is this possible Oo? If so, which ways are there? Would be great to have as an "extra ordinary" security i think ^^'

 

Thanks for your help as usual! ^^

Link to comment
Share on other sites

It doesn't really add any extra security to do that with PHP files, but you could put the file outside of the web root or use .htaccess to deny access to it, and then include it from another PHP script. But there's still going to be some URL to access it, right? So I'm not sure what the point is. The normal case where you would have a setup like this is if people are downloading files or something but need to be logged in first. You would remove direct access to the files and then use a PHP script that gets the filename they want, where the PHP code can make sure they're authorized before sending the file.

Link to comment
Share on other sites

Hmm... i'm not really sure about the security also, like you said. But the reason i said "security" is because the file is called "handler.php", on the file i will make ALL my functions and those functions i will use by including the file to the pages on the website where it's needed.

 

So the reason i said security was really because no one should have direct access to the file itself except through other files where its been included orr something like that.

 

But about HTAccess... how does it work? Never been the best top 100 at htaccess :/

Link to comment
Share on other sites

If you don't want people to access a file then just move it outside of the web root. But, if you have a PHP file that does nothing but define functions or classes or whatever then there's no reason to restrict access to it. If the file does not contain any executable code other than definitions, what can people do by accessing it? In other words, if you have a file with this in it:

<?phpfunction test1() {  echo 'test';}
That's just a definition, there's no other code. There's no way that someone can access that file and actually cause that function to be executed. They're just accessing a file that defines things, and so what?

But about HTAccess... how does it work? Never been the best top 100 at htaccess :/

It's a file that Apache will process to check for rules and things when accessing files inside folders that contain .htaccess files. Each file affects the folder it is in and all subfolders.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...