[Vtigercrm-developers] Vtiger Consistency and Security
Jorge Torres
jorge.torres.maldonado at gmail.com
Fri Jul 20 15:51:30 PDT 2007
Shouldn't it be something more like adding at the beginning of any file
something like:
    if(!$_MYSECARRAY["SEC"]) die();
and a first general header file general.php only containing:
    $_MYSECARRAY["SEC"]=true;
So main files such as index are the only ones including general.php.
Well, that's just one idea,
Cheers,
Jorge
On 7/20/07, Paul Rogers <prrogers at gmail.com> wrote:
>
> It is far more secure to move all possible files outside the website
> root folder. For example, instead of storing "install.php" and "include"
> in the public "vtiger" folder it is wiser to move all publicly visible
> files (such as "index.php") to a "public" folder. Then the web-server
> configuration can point to the "public" folder and the scripts there can
> require or include the other files using a back reference "../" or the
> absolute path of the needed files. Then it is impossible for outside
> users to access sensitive files from the URL.
>
> Vtiger's code also appears to be very inconsistent and messy. Editors
> such as Kate and Jedit have options such as "Clean indentation" and
> regular-expression search and replace which make cleaning the code
> simpler.
>
> --Paul
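Added example, not part of the original thread and not vtiger code: the guard proposed above only protects a file if it is that file's first statement, so a tree that relies on it needs a check for files where it is missing or comes too late. The sketch below scans a web root for such files; the entry-point list and the sample tree are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# The guard line from the message; spacing and quote style may vary.
GUARD = re.compile(r"""if\s*\(\s*!\s*\$_MYSECARRAY\[\s*["']SEC["']\s*\]\s*\)\s*die\s*\(\s*\)\s*;""")
LEADING_COMMENT = re.compile(r"^\s*(//[^\n]*|#[^\n]*|/\*.*?\*/)", re.S)
# Assumption: the only files that cannot carry the guard are the entry
# point and general.php itself (it is the file that sets the flag).
ENTRY_POINTS = {"index.php", "general.php"}

def first_statement(source):
    """Return the PHP source with the opening tag and leading comments removed."""
    body = re.sub(r"^\s*<\?php", "", source, count=1)
    while LEADING_COMMENT.match(body):
        body = LEADING_COMMENT.sub("", body, count=1)
    return body.lstrip()

def unguarded_files(web_root):
    """List .php files a URL could reach whose first statement is not the guard."""
    root = Path(web_root)
    missing = []
    for path in root.rglob("*.php"):
        if path.parent == root and path.name in ENTRY_POINTS:
            continue
        if not GUARD.match(first_statement(path.read_text(errors="replace"))):
            missing.append(path.relative_to(root).as_posix())
    return sorted(missing)

# Constructed sample tree for the demonstration; not vtiger's real file list.
SAMPLE = {
    "index.php": '<?php\nrequire "general.php";\nrequire "include/utils.php";\n',
    "general.php": '<?php\n$_MYSECARRAY["SEC"]=true;\n',
    "include/utils.php": '<?php\nif(!$_MYSECARRAY["SEC"]) die();\nfunction helper() {}\n',
    "modules/report.php": "<?php\n/* header */\n// note\nif (!$_MYSECARRAY['SEC']) die();\n",
    "include/db.php": '<?php\n$db = connect();\nif(!$_MYSECARRAY["SEC"]) die();\n',  # guard too late
    "install.php": '<?php\necho "installer";\n',  # no guard at all
}

def audit_sample():
    """Write the constructed tree to a temp dir and return the unguarded files."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in SAMPLE.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text)
        return unguarded_files(tmp)

if __name__ == "__main__":
    print(audit_sample())
```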