a_bertrand Posted January 10, 2013 Share Posted January 10, 2013 Chainging too much of an engine could lead to future incompatibilities for the person doing it so, for example if you rename the directory modules with "mod" any modules relying in the previous structure will break and you will need to edit them by hand. As I saw gmoore is thinking of (or already did?) change all admin modules directories and added an index.php file on each mod, I was wondering how I could try to help him in some manner. My proposal would be that during the installation of the module, the directory of the module would be made somehow unique, like instead of admin_panel you would have admin_panel_56ae where the last 4 numbers are like a CRC of your license + the module name. With such change each game install (with a different serial that's it) would have different modules directories. That would have quiet some impact on the current code, and modules, but could be still done (as option) if you guys think it's of some value. Of course we could also add a default index.php files on each directory as well if you wish so :P Let me know what you think. Quote Link to comment Share on other sites More sharing options...
Someone Posted January 10, 2013 Share Posted January 10, 2013 I am gonna sleep on this one before answering. Could be quite a task for you to implement. Quote Link to comment Share on other sites More sharing options...
orsino Posted January 10, 2013 Share Posted January 10, 2013 i voted no because this will take to mutch time . i would rather like to see that bertrand put his time in make new modules . Quote Link to comment Share on other sites More sharing options...
Djkanna Posted January 10, 2013 Share Posted January 10, 2013 Unfortunately I do not see the benefits over the cost of doing something like this, when htaccess will provide the same results, with a lot less work. Quote Link to comment Share on other sites More sharing options...
a_bertrand Posted January 10, 2013 Author Share Posted January 10, 2013 the .htaccess file at the modules directory level already prevent browsing of the directory. Only a couple of files (css, gif, png, jpeg) are viewable and only in a couple of modules. Personally I don't see the need for it, however as said, if you guys think it's something really useful I'm always open to debate it. Quote Link to comment Share on other sites More sharing options...
john-doe Posted January 10, 2013 Share Posted January 10, 2013 No, way too over complicated for a simple problem with a simple solution just move the folders above the web root but the public files (css, js, images and front controller) and you're fine... Quote Link to comment Share on other sites More sharing options...
gmoore Posted January 10, 2013 Share Posted January 10, 2013 (edited) Honestly, I appreciate the 'notoriety' but I am following some of the best practices I have used and been told to use before. I did not really expect the community to do what I do. I am however posting my ideas and comments, as I notice them, in the hopes people can benefit or ignore them. This may be ALOT of work and I want you focus on what makes the engine great. I willing to commit the time, I don't think you should have to. I work on the concept, trust nothing (even .htaccess, only because I don't trust a hosting company to mess with apache randomly). So I put several layers of things in there. So I vote no, lol. But I REALLY appreciate you trying to help me! (I won't even mentioned my rotating directory names concept, not implemented. Nor getting all code out of the web root directory. etc) Greg Edited January 10, 2013 by gmoore Quote Link to comment Share on other sites More sharing options...
a_bertrand Posted January 10, 2013 Author Share Posted January 10, 2013 Ok was just to go in your direction ;) BTW if you are so much scared of security, maybe PHP is not your best bet... Quote Link to comment Share on other sites More sharing options...
gmoore Posted January 10, 2013 Share Posted January 10, 2013 Not scared, paranoid. All languages have security risks. Most of them self induced I think lol Greg Quote Link to comment Share on other sites More sharing options...
a_bertrand Posted January 10, 2013 Author Share Posted January 10, 2013 Every code may contain (and will contain) security issues, however parsed language like PHP tend to have yet more issues. Java and C# are a bit less sensitive to it. Also ASP.NET offers some good security tricks and practice which makes it in my opinion (I know Octarine will not agree) are already much better than PHP. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.