Simple, secure application file system

conradk
Posts: 117
Joined: Tue Jul 05, 2011 10:41 pm

Simple, secure application file system

Post by conradk »

Hi people :P

This is both some kind of a tutorial and a request for feedback on this little, and incomplete, bootstrapping system. I'm not done yet. Will update once the project is more complete.

Basically, only static content and the "index.php" can be accessed publicly. The "hidden" folder is only accessed by the server.

EDIT: I've added a "tmp" folder to the "hidden" folder to store session data and such, so as to make it safe even on shared hosting.

Thanks for your help,
I'm quite new to the whole bootstrapping thing.

Best regards,
CK
Attachments
bootstrap.zip
(5.52 KiB) Downloaded 96 times
Kamal
Posts: 123
Joined: Fri May 06, 2011 10:45 am

Re: Simple, secure application file system

Post by Kamal »

Usually other people can't "see" your sessions in shared hosting.
conradk
Posts: 117
Joined: Tue Jul 05, 2011 10:41 pm

Re: Simple, secure application file system

Post by conradk »

Well, actually, if the webhost has not thought about making one temp folder per user, users are able to access the session files of others with PHP. If they find out what sites are hosted on their server, they can then steal sessions and log in as someone they are not.
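
An added example (not part of the thread and not the code in bootstrap.zip) of the approach conradk describes: pointing PHP's session storage at a private folder instead of the host-wide default. The hidden/tmp location relative to index.php and the function name use_private_session_dir are assumptions.

```php
<?php
// Added example, not the code from bootstrap.zip. The layout (hidden/tmp next
// to index.php) and the function name are assumptions for illustration.

function use_private_session_dir(string $dir): string
{
    // Create the directory for the owner only if it does not exist yet.
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("Cannot create session directory: $dir");
    }

    $real = realpath($dir);
    if ($real === false || !is_writable($real)) {
        throw new RuntimeException("Session directory is not writable: $dir");
    }

    // The directory may already exist with looser permissions, so check for
    // group/world bits and tighten them; refuse to continue if that fails.
    clearstatcache(true, $real);
    if ((fileperms($real) & 0077) !== 0 && !chmod($real, 0700)) {
        throw new RuntimeException("Session directory is group/world accessible: $real");
    }

    // Store this site's session files here instead of the host-wide default
    // (often a shared temp folder that every account on the server can read).
    session_save_path($real);

    return $real;
}

// Must run before session_start(), early in index.php.
use_private_session_dir(__DIR__ . '/hidden/tmp');

// Reject session IDs that were not issued by this application.
ini_set('session.use_strict_mode', '1');

// Keep the session cookie away from scripts and plain-HTTP requests.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => !empty($_SERVER['HTTPS']),
    'samesite' => 'Lax',
]);

session_start();
```

File permissions only separate accounts when each account's PHP runs as its own system user. If the host runs every site's PHP as one shared web-server user, an owner-only directory is still readable by other accounts' scripts unless the host also confines them (for example with open_basedir).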