EllisLab text mark
Advanced Search
     
Is it best practice to restrict direct access to view files?
 
rei
Posted: 08 August 2012 01:38 AM   [ Ignore ]
Avatar
Joined: 2012-06-09
82 posts

Is it best practice to restrict direct access to view files? Or I just need to restrict direct access to my controllers and models? Please give me suggestions.thanks smile
 
Aken
Posted: 08 August 2012 01:48 AM   [ Ignore ]   [ # 1 ]   [ Rating: 0 ]
Avatar
Joined: 2007-11-28
2435 posts

If your views are in the application folder, they are already restricted.
 
Daniel Moore
Posted: 08 August 2012 09:01 AM   [ Ignore ]   [ # 2 ]   [ Rating: 0 ]
Avatar
Joined: 2008-05-09
234 posts

Yes, it is best practice (just to confirm that part.)  But as Aken said, if the views are in the application folder, they are already restricted.

I generally set up my application to where everything except index.php and my assets folder (images and css) are outside of the web root in order to make securing it all a bit easier.

 Signature 

Daniel Moore
http://www.danielwmoore.com
Using .htaccess to remove index.php
 
CroNiX
Posted: 08 August 2012 01:08 PM   [ Ignore ]   [ # 3 ]   [ Rating: 0 ]
Avatar
Joined: 2009-02-19
3799 posts
Aken - 08 August 2012 01:48 AM

If your views are in the application folder, they are already restricted.

Assuming you are on an Apache server.

 Signature 
 
carllawl
Posted: 09 August 2012 09:37 PM   [ Ignore ]   [ # 4 ]   [ Rating: 0 ]
Joined: 2010-08-21
6 posts

Yeah they should already be restricted by default! gulp
 
rei
Posted: 10 August 2012 09:27 AM   [ Ignore ]   [ # 5 ]   [ Rating: 0 ]
Avatar
Joined: 2012-06-09
82 posts

Thank you very much for all ur help guys! smile So it means I dont need to restrict it manually because it is safe when it is in the applications folder smile