<div>Should'nt it be somethig more like adding at the beggining of any file somethig like:</div>
<div> </div>
<div>if(!$_MYSECARRAY["SEC"]) die();</div>
<div> </div>
<div>and a first general header file general.php only containing:</div>
<div>$_MYSECARRAY["SEC"]=true;</div>
<div> </div>
<div>So main files such as index are the only ones including general.php</div>
<div> </div>
<div>Well, thats just one idea,</div>
<div> </div>
<div>Cheers,</div>
<div> </div>
<div>Jorge</div>
<div><br><br> </div>
<div><span class="gmail_quote">On 7/20/07, <b class="gmail_sendername">Paul Rogers</b> <<a href="mailto:prrogers@gmail.com">prrogers@gmail.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">It is far more secure to move all possible files outside the website<br>root folder. For example, instead of storing "
install.php" and "include"<br>in the public "vtiger" folder it is wiser to move all publicly visible<br>files (such as "index.php") to a "public" folder. Then the web-server<br>
configuration can point to the "public" folder and the scripts there can<br>require or include the other files using a back reference "../" or the<br>absolute path of the needed files. Then it is impossible for outside
<br>users to access sensitive files from the URL.<br><br>Vtiger's code also appears to be very inconsistent and messy. Editors<br>such as Kate and Jedit have options such as "Clean indentation" and<br>regular-expression search and replace which make cleaning the code
<br>simpler.<br><br>--Paul<br><br>_______________________________________________<br>Reach hundreds of potential candidates - <a href="http://jobs.vtiger.com">http://jobs.vtiger.com</a><br></blockquote></div><br>