Is constant defined enough protection for included files?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Is constant defined enough protection for included files?

Postby Sindarin » Fri Feb 17, 2012 6:55 pm

I have several files that I include as the page body for a CMS e.g.

dashboard.php
products.list.php
products.add.php
products.edit.php

Those are included through index.php using a switch. index php has the login check code and also defines a constant define('AllowAccess',1);

My question is, is a check like:
<?php if (!defined('AllowAccess')){exit();} ?> at the very top of each included page enough to protect them from direct access? Or do I have to add the login check in all those as well?

I mean constants are server-side, there shouldn't be any problem correct?
HTML 5, CSS 3, JavaScript, PHP 5, SQL, Flash, C++
User avatar
Sindarin
Forum Regular
 
Posts: 521
Joined: Tue Sep 25, 2007 8:36 am
Location: Greece

Re: Is constant defined enough protection for included files

Postby twinedev » Sat Feb 18, 2012 1:21 am

That is enough. I use something similar for mine.
User avatar
twinedev
Forum Regular
 
Posts: 958
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio


Return to PHP - Security

Who is online

Users browsing this forum: No registered users and 1 guest