in Historical

php security tip

This will be old hat for all you pro’s out there but for people new to PHP this might be helpful. If your developing an application that has library files, class files, or included files you should always secure these so that they cannot be called from outside your application. The best way is to keep them outside the web servers document home path, but sometimes you can’t.

If that’s the case then you can use the code below to secure them. I’m assuming you have some type of config.php file which is always included (as most do for holding database username,pass,etc). Those variables in the config should be created using “define”. ex: define(‘dbusername’,’cooluser1′);

Now to secure your included files put this at the top of each one:

if (!defined('dbusername')){

So if the constant “dbusername” doesn’t exist, which it wouldn’t if you call an included file directly, then exit the program.