Reply to Re: [PHP] Template Security Advice (WASP - http://wasp.sourceforge.net)

Posted by Tom Rogers on 10/13/05 06:32

Hi,

Tuesday, October 11, 2005, 3:37:13 PM, you wrote:
BF> I'm finishing up my WASP framework 1.0 release
BF> (http://wasp.sourceforge.net) and I'm trying to decide the best way
BF> to lay out the template directories.

BF> WASP uses HTML_Template_Flexy for its template system. The templates
BF> are compiled using "Chunk" classes that each refer to a html template.

BF> The way it works now, the directory structure of applications is
BF> |_ /webroot/module/templates

BF> where module is where the php classes are stored, and templates is
BF> where the html templates are stored. The templates used to be stored
BF> in a separate directory outside of the web root, as such
BF> |_ /templates/
BF> |_ /webroot/ModuleDir

BF> however it becomes cumbersome to keep track of which templates go to
BF> which php classes, so for organization's sake having the template
BF> directory located beneath each module directory is easier to navigate.

BF> My problem is, anyone who realizes a particular application uses WASP
BF> can go to a url, say http://blah/module, and look at the html files
BF> in the template directory (ex. http://blah/module/templates). Is it
BF> too much of a security issue to justify this useful organization?
BF> Theoretically the addition of an .htaccess file in the templates
BF> directories could solve the problem, but is that compounding the
BF> issue even more? I guess I'm asking for someone to tell me it's ok
BF> to do it this way, but if nobody agrees I can change it back.

BF> Thanks for the input.
BF> -Brian


BF> /**
BF> * Brian Fioca
BF> * Chief Scientist / Sr. Technical Consultant
BF> * PangoMedia - http://pangomedia.com
BF> * @work 907.868.8092x108
BF> * @cell 907.440.6347
BF> */

What about:

|_ /templates/ModuleDir
|_ /webroot/ModuleDir


Or even better if the modules should not be accessed directly

|_ /Modules/ModuleDir
|_ /Modules/ModuleDir/templates/
|_ /webroot/

ModuleDir
--
regards,
Tom
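
As an added example (not part of the original thread and not WASP code): a small Python audit that lists template directories under a web root which no .htaccess blanket deny covers, the situation Brian describes. The directory names and the sample tree are constructed for illustration; templates kept outside the web root, as Tom suggests, never appear in the scan.

```python
import os
import re
import tempfile

# Blanket-deny directive: Apache 2.0/2.2 spelling or Apache 2.4 spelling.
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)

def denies_all(htaccess_path):
    """Return True if the file exists and contains an uncommented blanket deny."""
    try:
        with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
            return bool(DENY_RE.search(fh.read()))
    except OSError:
        return False  # missing or unreadable: treat as no protection

def exposed_template_dirs(webroot, dirname="templates"):
    """List `dirname` directories under webroot not covered by a denying .htaccess."""
    webroot, exposed = os.path.abspath(webroot), []
    for current, _dirs, _files in os.walk(webroot):
        if os.path.basename(current) != dirname:
            continue
        probe = current  # .htaccess rules are inherited, so walk up to the web root
        while not denies_all(os.path.join(probe, ".htaccess")):
            if probe == webroot:
                exposed.append(os.path.relpath(current, webroot))
                break
            probe = os.path.dirname(probe)
    return sorted(exposed)

def build_sample_tree(base):
    """Constructed layout: four modules under webroot/, one outside it."""
    files = {
        "webroot/blog/templates/page.html": "<html></html>",
        "webroot/shop/templates/.htaccess": "Deny from all\n",
        "webroot/admin/.htaccess": "Require all denied\n",
        "webroot/admin/templates/login.html": "<html></html>",
        "webroot/wiki/templates/.htaccess": "# Deny from all\n",  # commented out
        "Modules/forum/templates/thread.html": "<html></html>",
    }
    for rel, body in files.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return os.path.join(base, "webroot")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(exposed_template_dirs(build_sample_tree(tmp)))
```

An .htaccess file only takes effect when the server's AllowOverride setting permits it, so a clean result here still depends on server configuration; the layouts outside the web root do not.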
