Login

eldan88 · 05-21-2015, 12:08 PM

Hey Guys,

I was wondering if I should put

PHP Code:
defined('BASEPATH') OR exit('No direct script access allowed'); 

On my view files, along with my controller and model files

Thanks!

CroNiX · 05-21-2015, 12:21 PM

You should put it at the top of EVERY file you create in /application. It just helps to ensure no one can execute code without it being processed through index.php, so someone can't directly execute http://yoursite.com/application/views/view_name.php in your view example.

mwhitney · 05-21-2015, 12:42 PM

If your code is in a public area on your server, and you're concerned that a view will be executed directly, then it might be worthwhile to do this. In the end, though, you could probably choose something more relevant to check if you have a specific security concern in a view.

Bonfire

Practical CodeIgniter 3
CodeIgniter Testing Guide

RoverWire · 05-21-2015, 12:45 PM

I think that you can protect your application folder access with .htaccess or putting out of the document root dir, instead modifying each view file.

Personally I prefer the less php code as possible on views

eldan88 · 05-22-2015, 04:50 AM

Okay got it! Will do . Thanks for your help!