Proposal to follow gmoore

[a_bertrand]

Chainging too much of an engine could lead to future incompatibilities for the person doing it so, for example if you rename the directory modules with "mod" any modules relying in the previous structure will break and you will need to edit them by hand.

As I saw gmoore is thinking of (or already did?) change all admin modules directories and added an index.php file on each mod, I was wondering how I could try to help him in some manner.

My proposal would be that during the installation of the module, the directory of the module would be made somehow unique, like instead of admin_panel you would have admin_panel_56ae where the last 4 numbers are like a CRC of your license + the module name.

With such change each game install (with a different serial that's it) would have different modules directories.

That would have quiet some impact on the current code, and modules, but could be still done (as option) if you guys think it's of some value. Of course we could also add a default index.php files on each directory as well if you wish so :P

Let me know what you think.

[Someone]

I am gonna sleep on this one before answering. Could be quite a task for you to implement.

[orsino]

i voted no

because this will take to mutch time .

i would rather like to see that bertrand put his time in make new modules .

[Djkanna]

Unfortunately I do not see the benefits over the cost of doing something like this, when htaccess will provide the same results, with a lot less work.

[a_bertrand]

the .htaccess file at the modules directory level already prevent browsing of the directory. Only a couple of files (css, gif, png, jpeg) are viewable and only in a couple of modules. Personally I don't see the need for it, however as said, if you guys think it's something really useful I'm always open to debate it.

[john-doe]

No, way too over complicated for a simple problem with a simple solution just move the folders above the web root but the public files (css, js, images and front controller) and you're fine...

[gmoore]

Honestly, I appreciate the 'notoriety' but I am following some of the best practices I have used and been told to use before. I did not really expect the community to do what I do. I am however posting my ideas and comments, as I notice them, in the hopes people can benefit or ignore them. This may be ALOT of work and I want you focus on what makes the engine great. I willing to commit the time, I don't think you should have to. I work on the concept, trust nothing (even .htaccess, only because I don't trust a hosting company to mess with apache randomly). So I put several layers of things in there.

So I vote no, lol. But I REALLY appreciate you trying to help me!

(I won't even mentioned my rotating directory names concept, not implemented. Nor getting all code out of the web root directory. etc)

Greg

Edited January 10, 2013 by gmoore

[a_bertrand]

Ok was just to go in your direction ;)

BTW if you are so much scared of security, maybe PHP is not your best bet...

[gmoore]

Not scared, paranoid. All languages have security risks. Most of them self induced I think lol

Greg

[a_bertrand]

Every code may contain (and will contain) security issues, however parsed language like PHP tend to have yet more issues. Java and C# are a bit less sensitive to it. Also ASP.NET offers some good security tricks and practice which makes it in my opinion (I know Octarine will not agree) are already much better than PHP.