I agree 100% with Kornel

As a sidenote: If you are using Apache and would like to restrict access to template sources altogether, simply drop an .htaccess file with the following content in the template source directory:

   Deny From All

You probably know this anyways, but I'm just sharing this common principle for restricting public access on a per-directory basis, especially for things containing sensitive stuff (like configuration files with database connection params). This, of course, only works if the server is set up to allow .htaccess overrides for the given virtual host / document root / directory / whatever.

Have fun,
Werner


Kornel Lesiński wrote:
On 07-11-2008 at 09:38:13 Zbyněk Nevrlý <[EMAIL PROTECTED]> wrote:

Hi,
I am using PHPTAL to separate business logic from presentation. So there are controllers, model classes and views (HTML templates). The problem is that views/*.html are accessible by calling them directly through a URL (I need to have views in public_html for Javascript and Ajax dependencies).

This shouldn't matter. Filesystem paths of template files are unrelated to URLs - you can put PHPTAL templates anywhere you want, even if templates use Javascript and other files from public_html.

Are there any common practices to protect those *.html from unauthorized users?

You should move template files outside the document root or configure the web server to deny direct access to these files (browsers *never* need to download template files).

<?php session_start(); if (!$auth->isAuthorized) { /* redirect to login form here */ } ?>

Is it possible to do it that way?

It sort-of is, but that's a wrong problem to solve :)



_______________________________________________
PHPTAL mailing list
PHPTAL@lists.motion-twin.com
http://lists.motion-twin.com/mailman/listinfo/phptal
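
An added example, not code from anyone in this thread: a small audit that lists PHPTAL templates still sitting under a document root without a deny-all .htaccess in their directory or an ancestor, accepting both the Apache 2.2 directive quoted above and the Apache 2.4 form `Require all denied`. The function names, the sample tree, and the rule that a template is an .html/.xhtml file carrying tal:/metal:/i18n: attributes are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

# Apache 2.2 "Deny from all" and the Apache 2.4 equivalent "Require all denied".
DENY_RE = re.compile(r"^[ \t]*(?:deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied)\s*$", re.I | re.M)
# Assumption: a PHPTAL template is an .html/.xhtml file with tal:/metal:/i18n: attributes.
TAL_RE = re.compile(r"\b(?:tal|metal|i18n):[\w-]+\s*=", re.I)

def _text(path):
    return path.read_text(encoding="utf-8", errors="replace")

def denied_by_htaccess(directory, docroot):
    """True if directory, or an ancestor up to docroot, holds a deny-all .htaccess."""
    directory, docroot = Path(directory).resolve(), Path(docroot).resolve()
    for d in (directory, *directory.parents):
        htaccess = d / ".htaccess"
        if htaccess.is_file() and DENY_RE.search(_text(htaccess)):
            return True
        if d == docroot:
            break
    return False

def exposed_templates(docroot):
    """Relative paths of templates under docroot that no deny-all .htaccess covers."""
    docroot = Path(docroot).resolve()
    return sorted(
        p.relative_to(docroot).as_posix()
        for p in docroot.rglob("*")
        if p.is_file() and p.suffix in (".html", ".xhtml")
        and TAL_RE.search(_text(p)) and not denied_by_htaccess(p.parent, docroot)
    )

def demo():
    """Audit a constructed docroot (sample data, not taken from the thread)."""
    tree = {
        "views/index.html": '<h1 tal:content="title">x</h1>',
        "protected/.htaccess": "Deny From All\n",
        "protected/sub/page.html": '<p tal:replace="body"/>',
        "static/about.html": "<p>plain page, no TAL</p>",
    }
    with tempfile.TemporaryDirectory() as docroot:
        for rel, text in tree.items():
            path = Path(docroot, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text, encoding="utf-8")
        return exposed_templates(docroot)

if __name__ == "__main__":
    print(demo())
```

An empty result only shows that the .htaccess files are present on disk; whether Apache honours them depends on the override setting Werner mentions, so confirm by requesting a template URL and checking for a 403. Moving the templates outside the document root, as Kornel suggests, removes the dependency on that setting.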
