Secure templates?
[eluser]Unknown[/eluser]
Hi there, I'm new to CodeIgniter and noticed that the templates include PHP code, which is great, since they work faster and make it easier to deal with them. But, is it possible to somehow restrict the functionality of the PHP that is run on a template? I hire artists to do the interface work in my projects, and I give them access to the templates directory so they can upload files and test them easily. But if those templates are PHP templates then they could also execute code that could compromise the security (or even steal the data, or the sources). I guess the simplest solution is to use a template engine, but I love the fact that the template can include PHP code, it's just that I'd like it to be restricted to certain functions only. I'm not sure if that's possible at all, and in case it's not, which kind of security measures do you take? Thanks in advance
[eluser]InsiteFX[/eluser]
Hi, you could use an auth system and check to see if they are a tester etc. You would check this in your controller. This way you could still just pass the $data array to your view and in your view still allow PHP code, but you would be controlling the code from your controller. Enjoy InsiteFX
[eluser]Unknown[/eluser]
Thanks for your reply! Unfortunately I don't understand how this can prevent the templates from using functions I don't want them to use, i.e. file()
[eluser]InsiteFX[/eluser]
The auth library will allow you to restrict access to parts of your controller. A good Auth library will have either roles or groups which you can assign users to. Example: Role - Admin, Role - Editor, Role - Designer. Then you would wrap your code around these roles. As above, the designer cannot access any parts that are allowed for Editor and Admin. Here is a good one: http://programmersvoice.com/codeigniter/...rary-1-0-6 Enjoy InsiteFX
[eluser]Phil Sturgeon[/eluser]
There is no way to filter what PHP somebody can use... well... REALLY really f**king difficult. Code: file(); See what I'm getting at?
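Added example, not part of any post in this thread and not CodeIgniter code: one way to approach the "certain functions only" restriction asked about above is to lint each uploaded view with PHP's tokenizer against an allowlist before it is deployed, rejecting every construct that is not listed, including calls whose target is only known at runtime. The token, character and name lists, lint_template() and the sample templates are assumptions made for illustration, as is the setup where designers upload to a staging directory and only files that pass are copied to the live views.

```php
<?php
// Added example: allowlist linter for designer-supplied view files.
// The token, character and name lists are assumptions; adjust per project.
const ALLOWED_TOKENS = [
    T_INLINE_HTML, T_OPEN_TAG, T_OPEN_TAG_WITH_ECHO, T_CLOSE_TAG, T_COMMENT,
    T_ECHO, T_VARIABLE, T_STRING, T_LNUMBER, T_CONSTANT_ENCAPSED_STRING,
    T_IF, T_ELSE, T_ELSEIF, T_ENDIF, T_FOREACH, T_ENDFOREACH, T_AS,
    T_ISSET, T_EMPTY, T_DOUBLE_ARROW, T_IS_EQUAL, T_BOOLEAN_AND, T_BOOLEAN_OR,
];
const ALLOWED_CHARS = ['(', ')', '[', ']', ';', ':', ',', '.', '!', '<', '>'];
const ALLOWED_NAMES = ['htmlspecialchars', 'count', 'true', 'false', 'null'];
// A '(' directly after one of these is a call whose target is only known at runtime.
const DYNAMIC_CALLEES = [T_VARIABLE, T_CONSTANT_ENCAPSED_STRING, ']', ')'];

/** Returns a list of violations; an empty list means the template passes. */
function lint_template(string $source): array
{
    $violations = [];
    $prev = null;  // previous non-whitespace token (int id or single character)
    $line = 1;     // line of the most recent token that carries a line number
    foreach (token_get_all($source) as $tok) {
        if (is_array($tok)) {
            [$id, $text, $line] = $tok;
        } else {
            $id = $text = $tok;
        }
        if ($id === T_WHITESPACE) {
            continue;
        }
        if (is_int($id) && !in_array($id, ALLOWED_TOKENS, true)) {
            $violations[] = "line $line: " . token_name($id) . " is not allowed";
        } elseif ($id === T_STRING && !in_array(strtolower($text), ALLOWED_NAMES, true)) {
            $violations[] = "line $line: name '$text' is not on the allowlist";
        } elseif (is_string($id) && !in_array($id, ALLOWED_CHARS, true)) {
            $violations[] = "line $line: character '$id' is not allowed";
        } elseif ($id === '(' && in_array($prev, DYNAMIC_CALLEES, true)) {
            $violations[] = "line $line: call through a variable or expression";
        }
        $prev = $id;
    }
    return $violations;
}

// Constructed sample templates (not from the thread).
$ok  = '<ul><?php foreach ($items as $i): ?><li><?= htmlspecialchars($i["name"]) ?></li><?php endforeach; ?></ul>';
$bad = '<p><?= file("x") ?></p>' . "\n" . '<p><?= $fn("x") ?></p>';
var_dump(lint_template($ok));
print_r(lint_template($bad));
```

Because object access (`->`) is not on the token list, views checked this way can only read the arrays passed in from the controller and cannot reach `$this` or its loaded libraries.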