On Tue, 26 Aug 2003 08:44:59 -0700, you wrote: >I have an application that consists of some 30 php modules. Each one links >to another, as you can imagine. How can I create a security mechanism that >only allows the modules in my system to be called from one-another? I do >nto want any of the modules to be called by typing them on the address bar. >Of course, sessions takes care of folks who have not logged into the >system, btu I don;t want registered users hacking around either. > >I though of using HTTP_REFERER as a handshake restrictor, but it seems to >be unstable and unreliable. Any suggestions?
What do you mean by "called"? They include() each other? What level of access does a "registered user" have? If you don't want something to be accessible via a URL, then don't put it in the webroot. Move the modules into an external directory, and include them in. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
