The session "userdata" is always set to "Errors 404" ... |
[eluser]vitoco[/eluser]
i'll agree on the server load issue, the database inconsistency it's only possible on a poor security and validation of access and data. In the point of : " And it’s less secure, because it allows direct access to all files and directories that exist in the docroot." can you please be more specific?, cause i use this kind of rewrite conditions and if it opens a hole in the server, i have to close it.
[eluser]WanWizard[/eluser]
Most rewrite rules (and that include the ones advocated here), follow the simple "if it's not a file, and it's not a directory, rewrite it to index.php" rule. Which means that you can access ANY existing file in the docroot, so you have to be extremely careful with what can write where in that docroot. Uploading an image that isn't an image is enough to hack your way in. I had to fix a site once where a hacker used this loophole to install a crontab for the apache user, which in turn ran a process that threw the door wide open. It also means you can't have a controller called 'system' (as http://website/system exists, and probably others as well) so it reduces flexibility. By default, I exclude /assets, and rewrite every other request to index.php. If I need extra functionality, I write a specific exclude for it that only applies to that functionality. My default file looks like this: Code: <IfModule mod_rewrite.c>
|
Welcome Guest, Not a member yet? Register Sign In |