Should the view files also include defined('BASEPATH') OR exit...
Hey Guys,
I was wondering if I should put

    defined('BASEPATH') OR exit('No direct script access allowed');

on my view files, along with my controller and model files. Thanks!
You should put it at the top of EVERY file you create in /application. It just helps to ensure no one can execute code without it being processed through index.php, so someone can't directly execute http://yoursite.com/application/views/view_name.php in your view example.
If your code is in a public area on your server, and you're concerned that a view will be executed directly, then it might be worthwhile to do this. In the end, though, you could probably choose something more relevant to check if you have a specific security concern in a view.
I think that you can protect access to your application folder with .htaccess or by putting it outside the document root dir, instead of modifying each view file.
Personally, I prefer as little PHP code as possible in views.
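An added example, not part of the thread and not CodeIgniter's own code: a Python audit that lists the .php files under an application directory whose first statement is not the BASEPATH guard discussed above. The function names and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

OPEN_TAG = re.compile(r"<\?(?:php\b|=)?", re.IGNORECASE)
# Whitespace and comments that may legally precede the first statement.
LEADING = re.compile(r"(?:\s+|//[^\n]*|#[^\n]*|/\*.*?\*/)*", re.DOTALL)
# The guard from the thread, plus the older `if ( ! defined('BASEPATH')) exit(...)` form.
GUARD = re.compile(
    r"""(?:if\s*\(\s*!\s*defined\s*\(\s*['"]BASEPATH['"]\s*\)\s*\)\s*
        |defined\s*\(\s*['"]BASEPATH['"]\s*\)\s*(?:or|\|\|)\s*)
        (?:exit|die)\b""",
    re.IGNORECASE | re.VERBOSE,
)

def is_guarded(source):
    """True only if the guard is the first statement and nothing is output before it."""
    tag = OPEN_TAG.search(source)
    if tag is None or source[:tag.start()].strip():
        return False  # no PHP at all, or markup is emitted before a guard could run
    rest = source[tag.end():]
    return GUARD.match(rest, LEADING.match(rest).end()) is not None

def audit(app_dir):
    """Return the sorted relative paths of .php files that lack a leading guard."""
    root = Path(app_dir)
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*.php")
        if not is_guarded(p.read_text(encoding="utf-8-sig", errors="replace"))
    )

# Constructed sample files standing in for an /application directory.
SAMPLE = {
    "controllers/Welcome.php": "<?php\ndefined('BASEPATH') OR exit('No direct script access allowed');\nclass Welcome {}\n",
    "models/Old_model.php": "<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');\n",
    "views/commented.php": "<?php\n// header view\ndefined(\"BASEPATH\") || die();\n?><p>hi</p>\n",
    "views/late.php": "<?php echo $title;\ndefined('BASEPATH') OR exit('x');\n",
    "views/view_name.php": "<h1><?php echo $title; ?></h1>\n",
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return audit(tmp)

if __name__ == "__main__":
    print(demo())
```

A file is reported when markup or other code precedes the guard, since that part would already have run on a direct request.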