Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Some applications use this code as FIRST LINE on every page included by the index.php:
if (!defined('SECURE_CONST')) { die("Access denied!"); }
Why do they need to use this? Is it necessary for security? If yes, how can I use it properly?
It’s done to ensure that the files are not executed directly. For example:
/index.php/include_me.phpThen, if
http://example.com/index.phpis requestedSECURE_CONSTwill be defined and sodie()will not be invoked wheninclude_me.phpis included. However, ifhttp://example.com/include_me.phpis requested directly,SECURE_CONSTis never defined and so the script bails.If your web server is configured securely–i.e. files not intended to be accessed directly are outside the web root or in a directory made inaccessible by e.g.
.htaccess–this should be unnecessary. Developers who use “security” measures like this probably do so because they assume, rightly, that many people using their software will not take the time to understand the security issues and configure their servers properly, and so use methods like this as a failsafe.