[Vtigercrm-developers] Vtiger Consistency and Security

Jorge Torres jorge.torres.maldonado at gmail.com
Fri Jul 20 15:51:30 PDT 2007

Should'nt it be somethig more like adding at the beggining of any file
somethig like:

if(!$_MYSECARRAY["SEC"]) die();

and a first general header file general.php only containing:

So main files such as index are the only ones including general.php

Well, thats just one idea,



On 7/20/07, Paul Rogers <prrogers at gmail.com> wrote:
> It is far more secure to move all possible files outside the website
> root folder. For example, instead of storing "install.php" and "include"
> in the public "vtiger" folder it is wiser to move all publicly visible
> files (such as "index.php") to a "public" folder. Then the web-server
> configuration can point to the "public" folder and the scripts there can
> require or include the other files using a back reference "../" or the
> absolute path of the needed files. Then it is impossible for outside
> users to access sensitive files from the URL.
> Vtiger's code also appears to be very inconsistent and messy. Editors
> such as Kate and Jedit have options such as "Clean indentation" and
> regular-expression search and replace which make cleaning the code
> simpler.
> --Paul
> _______________________________________________
> Reach hundreds of potential candidates - http://jobs.vtiger.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20070720/5f6352cd/attachment-0003.html 

More information about the vtigercrm-developers mailing list