
Simple, secure application file system

Posted: Sun Aug 14, 2011 1:45 am
by conradk
Hi people :P

This is both some kind of a tutorial and a request for feedback on this little, and incomplete, bootstrapping system. I'm not done yet. Will update once the project is more complete.

Basically, only static content and the "index.php" can be accessed publicly. The "hidden" folder is only accessed by the server.

EDIT: I've added a "tmp" folder to the "hidden" folder to store session data and such, so as to make it safe even on shared hosting.

Thanks for your help,
I'm quite new to the whole bootstrapping thing.

Best regards,
CK

Re: Simple, secure application file system

Posted: Sun Aug 14, 2011 9:42 am
by Kamal
Usually other people can't "see" your sessions in shared hosting.

Re: Simple, secure application file system

Posted: Sun Aug 14, 2011 12:24 pm
by conradk
Well, actually, if the webhost has not thought about making one temp folder per user, users are able to access the session files of others with PHP. If they find out what sites are hosted on their server, they can then steal sessions and log in as someone they are not.
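
The layout discussed in this thread, sketched as an added example (not code from any of the posters): a public "index.php" that points PHP's session storage at "hidden/tmp" instead of the host's shared temp directory. It assumes "hidden" sits one level above the public folder, that the site is served over HTTPS, and that "bootstrap.php" is a hypothetical name for the application's own start-up file.

```php
<?php
// index.php: the only PHP file in the public folder (assumed layout).
declare(strict_types=1);

// Assumption: "hidden" is a sibling of the public folder, so the web server
// never maps a URL onto it.
define('HIDDEN_DIR', dirname(__DIR__) . '/hidden');
define('SESSION_DIR', HIDDEN_DIR . '/tmp');

// Create the private session directory if needed and make it owner-only.
function prepare_session_dir(string $dir): void
{
    if (!is_dir($dir) && !mkdir($dir, 0700, true) && !is_dir($dir)) {
        throw new RuntimeException("Cannot create session directory: $dir");
    }
    // Strip any group/other permission bits left over from an earlier upload.
    if ((fileperms($dir) & 0077) !== 0 && !chmod($dir, 0700)) {
        throw new RuntimeException("Cannot restrict permissions on: $dir");
    }
    if (!is_writable($dir)) {
        throw new RuntimeException("Session directory is not writable: $dir");
    }
}

prepare_session_dir(SESSION_DIR);

// Store session files in hidden/tmp rather than the host-wide default.
session_save_path(SESSION_DIR);

// Refuse session ids the server did not issue and keep ids out of URLs.
ini_set('session.use_strict_mode', '1');
ini_set('session.use_only_cookies', '1');

// Array form needs PHP 7.3+; 'secure' assumes the site runs over HTTPS.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// Hand over to the application code kept in the hidden folder.
$bootstrap = HIDDEN_DIR . '/bootstrap.php'; // hypothetical file name
if (is_file($bootstrap)) {
    require $bootstrap;
}
```

The 0700 mode only isolates the session files when the host runs each account's PHP under its own system user; if every site on the server executes as the same web-server user, another customer's script can still read the directory.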