Hide your php pages. - Page 2

**pvera** · September 18th, 2004, 12:11 AM

Quote:

Originally Posted by darkzeroman

think this is a stupid question....but why would someone want to hide their php pages?

1. Looks nicer
2. Many search engines get confused with long URLs. These "flat" URLs look for all purposes like static html pages.
3. Whenever talking to a customer over the phone it is much easier to tell them to "go to oursite.com/clients" than to give them the longer URL. Basically we are giving them less of an opportunity to screw it up.

#3 is really painful, it happened to us so much that I had to convert pretty much all our public pages to use flat urls, then on top of that wrote a ripoff of tinyurl.com so we can take any URL and crunch it down to something easier for the customer to handle.

**sam** · September 18th, 2004, 1:25 AM

Quote:

Originally Posted by pvera

1. Looks nicer
2. Many search engines get confused with long URLs. These "flat" URLs look for all purposes like static html pages.
3. Whenever talking to a customer over the phone it is much easier to tell them to "go to oursite.com/clients" than to give them the longer URL. Basically we are giving them less of an opportunity to screw it up.

#3 is really painful, it happened to us so much that I had to convert pretty much all our public pages to use flat urls, then on top of that wrote a ripoff of tinyurl.com so we can take any URL and crunch it down to something easier for the customer to handle.

All 3 reasons - dead on.

**patrickb** · September 18th, 2004, 2:01 AM

Personally, I use this system for security believe it or not. I mean, if I can make a page be displayed by using an alias in the URL, I could name my contact, main, etc.. pages whatever I wanted (AXZHDHDhdl10289.php) and never have to worry with someone getting direct access to them. Keep your security tight in the main page and all works out well, though you should never forget about the other pages and their security.

Also, one side point, I see this in many scripts. If the file doesn't evaluate to something in the script, it is assumed that the file is still on the local system and valid. A lot of scripts automatically assume that the info passed to them is a valid file on the server, which is a big no-no.

Code:

default:
  include($act);
  break;

That code, or the respective code if you are using ifs or other statements is a setup for disaster. I have seen many scripts exploited because of this stupid idea of assuming it is going to be a file on your server.

September 18th, 2004, 2:01 AM	#12 (permalink)
patrickb the one who was Super #1 Joined in Jul 2003 Lives in Memphis 1,967 posts Gave thanks: 0 Thanked 3 times	Personally, I use this system for security believe it or not. I mean, if I can make a page be displayed by using an alias in the URL, I could name my contact, main, etc.. pages whatever I wanted (AXZHDHDhdl10289.php) and never have to worry with someone getting direct access to them. Keep your security tight in the main page and all works out well, though you should never forget about the other pages and their security. Also, one side point, I see this in many scripts. If the file doesn't evaluate to something in the script, it is assumed that the file is still on the local system and valid. A lot of scripts automatically assume that the info passed to them is a valid file on the server, which is a big no-no. Code: default: include($act); break; That code, or the respective code if you are using ifs or other statements is a setup for disaster. I have seen many scripts exploited because of this stupid idea of assuming it is going to be a file on your server. __________________ Patrick Warnings: The program(s) might crash unexpectedly or behave otherwise strangely. (But of course, so do many commercial programs on Windows.) --www.gimp.org

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread:

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)