
defined( '_JEXEC' ) improvement attempt

Posted: Fri Feb 18, 2011 7:37 am
by MrVon
In index.php joomla has
define( '_JEXEC', 1 );

and in files that loaded by index.php it has
defined( '_JEXEC' ) or die( 'Restricted access' );

to protect from hackers. But is this really working? A person who is trying to hack can just define this variable in his PHP file and the protection is gone.

How about I define some random number in index.php like
define( '_JEXEC', 6785672845 );

and then in the child files I do

defined( '_JEXEC' ) or die( 'Restricted access' );
if ( _JEXEC !== 6785672845 ) { die( 'Restricted access' ); }

Does something like this make more sense? Or am I just wasting time, and a hacker can look up the 6785672845 value somehow?

Re: defined( '_JEXEC' ) improvement attempt

Posted: Fri Feb 18, 2011 10:16 am
by dylanjh
I see your point, however I think the point of define( '_JEXEC', 1 ); is simply to prevent a user (hacker or otherwise) from trying to directly access files that should never be run directly. A component's controller, for example.
Additionally, in order for the hacker to run the file (with define( '_JEXEC', 1 ); ) they would have to get their own PHP file onto your server.

Re: defined( '_JEXEC' ) improvement attempt

Posted: Fri Feb 18, 2011 10:29 am
by kurchania
Hi MrVon,
_JEXEC is used to see if the file is being called from within a Joomla! session.
This type of core hacking of the Joomla framework can cause you a lot of trouble. If you want to protect your directory, then you can use htaccess to prevent it.
This is a waste of time, dude. It will make your application difficult for any other person to manage, and every time you install a new component, module or plugin you need to manually replace all these files in the framework.
But views can differ.

Regards
Abhijeet

Re: defined( '_JEXEC' ) improvement attempt

Posted: Wed Feb 23, 2011 2:13 pm
by MrVon
There are programs that can replace text in files that are not open, e.g. for all files in one folder you run "find x, replace with y" and there is nothing more to do really... e.g. Notepad++ "search in files".

dylanjh, I just understood that PHP is only on the server and only the empty HTML code is in the browser; I kind of forgot that when I was creating this thread...

What is a component's controller? Can you explain why it can't (or should not) be run directly?

Re: defined( '_JEXEC' ) improvement attempt

Posted: Wed Feb 23, 2011 3:56 pm
by dylanjh
A component's controller is the "business logic" of a component. It's all to do with the MVC model Joomla uses.

In terms of why it should be run directly, it's just how the Joomla framework runs. For example, you will notice that every page on your Joomla site is rendered from /index.php

Components are not designed to be run outside of this framework, hence

defined( '_JEXEC' ) or die( 'Restricted access' );

Re: defined( '_JEXEC' ) improvement attempt

Posted: Wed Feb 23, 2011 4:14 pm
by kurchania