The Joomla! Forum ™



PostPosted: Fri Feb 18, 2011 7:37 am 
Joomla! Intern

Joined: Fri Oct 23, 2009 4:47 am
Posts: 51
In index.php Joomla has
define( '_JEXEC', 1 );

and in files that are loaded by index.php it has
defined( '_JEXEC' ) or die( 'Restricted access' );

to protect from hackers. But is this really working? A person who is trying to hack can just define this variable in his PHP file and the protection is gone.

How about I define some random number in index.php like
define( '_JEXEC', 6785672845 );

and then in child files I do

defined( '_JEXEC' ) or die( 'Restricted access' );
if ( _JEXEC != 6785672845 ) die( 'Restricted access' );

Would something like this make more sense? Or am I just wasting time, and a hacker can look up the 6785672845 value somehow?


PostPosted: Fri Feb 18, 2011 10:16 am 
Joomla! Ace

Joined: Fri Sep 22, 2006 6:22 pm
Posts: 1823
Location: UK
I see your point, however I think the point of define( '_JEXEC', 1 ); is simply to prevent a user (hacker or otherwise) from trying to directly access files that should never be run directly. A component's controller, for example.
Additionally, in order for the hacker to run the file (with define( '_JEXEC', 1 ); ) they would have to get their own PHP file onto your server.

_________________
EmailAsUsername - Remove Usernames Joomla! Virtuemart And JomSocial registration http://www.lunarhotel.co.uk Many other extensions supported.


PostPosted: Fri Feb 18, 2011 10:29 am 
Joomla! Hero

Joined: Mon Sep 21, 2009 6:56 am
Posts: 2068
Location: indore,india
Hi MrVon,
JEXEC is used to see if the file is being called from within a Joomla! session.
This type of core hacking of the Joomla framework can cause you a lot of trouble. If you want to protect your directory then you can use htaccess to prevent it.
This is a waste of time, dude, as it will make your application to manage by any other person and every time you insert a new component, module or plugin you need to manually replace all these files in the framework.
But views can differ.

Regards
Abhijeet

_________________
abhijeet kurchania
The future depends on what you do today


PostPosted: Wed Feb 23, 2011 2:13 pm 
Joomla! Intern

Joined: Fri Oct 23, 2009 4:47 am
Posts: 51
There are programs that can replace text in files that are not open, e.g. for all files in one folder you run find x, replace with y, and there is nothing to do really... e.g. Notepad++ search in files


dylanjh, I just understood that PHP is only on the server and empty HTML code is on the browser; I kind of forgot that when I was creating this thread...

What is a component's controller? Can you explain why it can't / should not be run directly?


PostPosted: Wed Feb 23, 2011 3:56 pm 
Joomla! Ace

Joined: Fri Sep 22, 2006 6:22 pm
Posts: 1823
Location: UK
A component's controller is the "business logic" of a component. It's all to do with the MVC model Joomla uses.

In terms of why it should be run directly, it's just how the Joomla framework runs. For example, you will notice that every page on your Joomla site is rendered from /index.php

Components are not designed to be run outside of this framework, hence

defined( '_JEXEC' ) or die( 'Restricted access' );

_________________
EmailAsUsername - Remove Usernames Joomla! Virtuemart And JomSocial registration http://www.lunarhotel.co.uk Many other extensions supported.


PostPosted: Wed Feb 23, 2011 4:14 pm 
Joomla! Hero

Joined: Mon Sep 21, 2009 6:56 am
Posts: 2068
Location: indore,india
@MrVon
http://docs.joomla.org/JEXEC

_________________
abhijeet kurchania
The future depends on what you do today
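
An added example, not part of the original thread and not Joomla project code: the guard discussed above only helps in files that actually carry it, so this Python script lists PHP files under an extension directory whose first executable statement is not a `_JEXEC` check. The accepted guard spellings, the function names and the sample file tree are assumptions constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Whitespace, comments and namespace/use/declare lines may precede the guard.
_SKIP = re.compile(
    r"(?:\s+|/\*.*?\*/|//[^\n]*|#[^\n]*|(?:namespace|use|declare)\b[^;]*;)*", re.S)
# Assumed guard spellings: defined('_JEXEC') or die ... / if (!defined('_JEXEC')) die ...
_GUARD = re.compile(
    r"""(?:\\?defined\s*\(\s*['"]_JEXEC['"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b
        |if\s*\(\s*!\s*\\?defined\s*\(\s*['"]_JEXEC['"]\s*\)\s*\)\s*\{?\s*(?:die|exit)\b)""",
    re.I | re.X)


def first_statement_is_guard(php_source: str) -> bool:
    """True if the first executable statement after <?php is the _JEXEC guard."""
    start = php_source.find("<?php")
    if start == -1:
        return False  # no <?php tag at all: report the file for manual review
    pos = _SKIP.match(php_source, start + 5).end()
    return _GUARD.match(php_source, pos) is not None


def unguarded_files(root: Path) -> list[str]:
    """Relative paths of .php files under root whose first statement is not the guard.
    Entry points that define _JEXEC themselves (index.php) are expected to appear."""
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*.php")
        if not first_statement_is_guard(p.read_text(encoding="utf-8", errors="replace")))


def demo() -> list[str]:
    """Scan a constructed component tree (sample files, not real Joomla code)."""
    samples = {
        "controller.php": "<?php\n// no direct access\n"
                          "defined( '_JEXEC' ) or die( 'Restricted access' );\nclass C {}\n",
        "models/item.php": "<?php\n/** docblock */\nnamespace Acme;\n\\defined('_JEXEC') or die;\n",
        "helpers/export.php": "<?php\nrequire 'db.php';\ndefined('_JEXEC') or die;\n",  # guard too late
        "views/raw.php": "<?php\n$db = connect();\n",  # no guard at all
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, body in samples.items():
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_text(body, encoding="utf-8")
        return unguarded_files(root)


if __name__ == "__main__":
    print(demo())
```
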

