defined( '_JEXEC' ) improvement attempt

For Joomla! 1.5 Coding related discussions, please use: http://groups.google.com/group/joomla-dev-general
Forum rules
Please use the mailing list here: http://groups.google.com/group/joomla-dev-general rather than this forum.
MrVon
Joomla! Intern
Joomla! Intern
Posts: 51
Joined: Fri Oct 23, 2009 4:47 am

defined( '_JEXEC' ) improvement attempt

Postby MrVon » Fri Feb 18, 2011 7:37 am

In index.php joomla has
define( '_JEXEC', 1 );

and in files that loaded by index.php it has
defined( '_JEXEC' ) or die( 'Restricted access' );

to protect from hackers. But is this really working? Person who trying to hack can just define this variable in his PHP file and protection is gone.

How about i define some random number in index.php like
define( '_JEXEC', 6785672845 );

and then in child files we i do

defined( '_JEXEC' ) or die( 'Restricted access' );
if !(_JEXEC = 6785672845 ) then die( 'Restricted access' );

smth like this makes more sense? or i just waste time and hacker can look up the 6785672845 value somehow?

User avatar
dylanjh
Joomla! Ace
Joomla! Ace
Posts: 1823
Joined: Fri Sep 22, 2006 6:22 pm
Location: UK
Contact:

Re: defined( '_JEXEC' ) improvement attempt

Postby dylanjh » Fri Feb 18, 2011 10:16 am

I see your point, however I think the point of define( '_JEXEC', 1 ); is simply to prevent a user (hacker or otherwise) from trying to directly access files that should never be run directly. A Componets controller for example.
Additionally, in order for the hacker to run the file (with define( '_JEXEC', 1 ); ) they would have to get thier own php file onto your server.
EmailAsUsername - Remove Usernames Joomla! Virtuemart And JomSocial registration http://www.lunarhotel.co.uk Many other extensions supported.

User avatar
kurchania
Joomla! Hero
Joomla! Hero
Posts: 2070
Joined: Mon Sep 21, 2009 6:56 am
Location: indore,india
Contact:

Re: defined( '_JEXEC' ) improvement attempt

Postby kurchania » Fri Feb 18, 2011 10:29 am

hi MrVon,
JEXEC use to see if the file is being called from within a Joomla! session.
this type of core hacking of joomla framework can cause you lot of trouble.if you want to protect your directory than you can use htaccess to prevent it.
this is waste of time dude.as it will make your application to manage by any other person and every time if you insert new component ,module and plugin you need to manually replace all this files in framework.
but view can differ.

Regards
Abhijeet
abhijeet kurchania
The future depends on what you do today

MrVon
Joomla! Intern
Joomla! Intern
Posts: 51
Joined: Fri Oct 23, 2009 4:47 am

Re: defined( '_JEXEC' ) improvement attempt

Postby MrVon » Wed Feb 23, 2011 2:13 pm

There are programs that can replace text in files that not open e.g. all files in one folder you run find x replace with y and nothing to do really... e.g. notepad ++ search in files


dylanjh i just understood that php is only on the server and empty html code on browser, i kind of forgot that when i was creating this thread...

What is Componets controller can you explain why it cant should not be run directly?

User avatar
dylanjh
Joomla! Ace
Joomla! Ace
Posts: 1823
Joined: Fri Sep 22, 2006 6:22 pm
Location: UK
Contact:

Re: defined( '_JEXEC' ) improvement attempt

Postby dylanjh » Wed Feb 23, 2011 3:56 pm

A components controller is the "business logic" of a component. Its all to do with the MVC model joomla uses.

In terms of why it should be run directly, its just how the Joomla framework runs. For example, you will notice that every page on your Joomla site, it rendered from /index.php

Components are not designed to be run outside of this framework, hence

defined( '_JEXEC' ) or die( 'Restricted access' );
EmailAsUsername - Remove Usernames Joomla! Virtuemart And JomSocial registration http://www.lunarhotel.co.uk Many other extensions supported.

User avatar
kurchania
Joomla! Hero
Joomla! Hero
Posts: 2070
Joined: Mon Sep 21, 2009 6:56 am
Location: indore,india
Contact:

Re: defined( '_JEXEC' ) improvement attempt

Postby kurchania » Wed Feb 23, 2011 4:14 pm

abhijeet kurchania
The future depends on what you do today


Return to “Joomla! 1.5 Coding”

Who is online

Users browsing this forum: No registered users and 3 guests