ExpressionEngine CMS

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.


Learning from Facebook: Preventing PHP Leakage

August 13, 2007 1:35am

  • #1 / Aug 13, 2007 1:35am

    Jamongkad

    67 posts

    I’ve read this article on YCnews the other day. Dunno if any of you dudes know what’s up with the recent FaceBook PHP source code leakage. But this brings me to a concern about CI as well. Does CI have this problem already licked? Or do we have to make some sort of fix on this?

    http://www.nik.com.au/archives/2007/08/11/learning-from-facebook-preventing-php-leakage/

  • #2 / Aug 13, 2007 7:44am

    garymardell

    315 posts

    The problem is nothing to do with CI, it is you and how your server is setup. If you follow the information on the link you will see.

  • #3 / Aug 14, 2007 4:51am

    Bulk

    23 posts

    For the most part the only code that would ever get exposed is index.php which is universal to all CI installs anyway, then all you need to do is put a .htaccess denying all access to your system folder so it's never web accessible (or better, put it below the web root) and voila! No code leakage ever.

    Facebook’s downfall in that regard is they don’t seem to be fans of OOP, they just have lots of files around.
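    The two options from the post above, as an added example that is not from the thread or from CodeIgniter itself: a front controller that keeps the system folder below the web root and fails closed if it cannot find it, followed by the per-file guard that CodeIgniter source files start with. The /var/www paths and the CodeIgniter.php location are assumptions.

    ```php
    <?php
    // index.php in the web root: the only PHP file that needs to be reachable
    // over HTTP. Example for this thread, not CodeIgniter's own index.php.
    // Assumed layout (hypothetical paths):
    //   /var/www/html/index.php   <- DocumentRoot
    //   /var/www/app/system/      <- framework + application code, outside it

    // Point the framework at a folder the web server cannot serve at all, so a
    // PHP handler that stops executing scripts (the leak scenario in the
    // linked article) has nothing to hand out as plain text.
    $system_folder = dirname(__DIR__) . '/app/system';   // assumed path

    $base = realpath($system_folder);
    if ($base === false || !is_dir($base)) {
        exit('System folder not found');   // fail closed, reveal nothing
    }

    // Defence in depth: log a warning if someone later moves system/ back
    // under the document root. In that case it needs the .htaccess from the
    // post above (a file containing "Deny from all", Apache 2.2 syntax).
    $docroot = realpath($_SERVER['DOCUMENT_ROOT']);
    if ($docroot !== false && strpos($base, $docroot) === 0) {
        error_log('Warning: system folder ' . $base . ' is inside the document root');
    }

    define('BASEPATH', $base . '/');
    require BASEPATH . 'codeigniter/CodeIgniter.php';   // assumed CI 1.x location

    // ---- any file under system/, e.g. system/application/libraries/Foo.php ----
    // CodeIgniter's convention: every source file opens with this guard, so a
    // direct request that *does* execute the script prints nothing useful.
    // It does not stop the source being served as text; only keeping the
    // folder unservable (above) does that.
    if (!defined('BASEPATH')) exit('No direct script access allowed');
    ```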

  • #4 / Aug 14, 2007 11:29am

    Derek Jones

    7561 posts

    And don’t forget that security by obscurity is not security at all.  Developed properly, having your source code known to the whole world shouldn’t compromise your site.

  • #5 / Aug 14, 2007 5:19pm

    thurting

    213 posts

    Agree with all.

    I looked over Facebook’s code yesterday and cringed at all of the includes and requires.  Reminded me of all the frankenapps I have built in the past.

    MVC is nice.

  • #6 / Aug 14, 2007 5:24pm

    Michael Wales

    2070 posts

    Haha - yeah, reminds me of WoWCensus.com.

    Rather than using RegEx to parse users’ logfiles and pull out statistical data, I broke the file up into an array with each key holding a line from the file. Then I parsed that line into an array (space delimited), then used a series of if statements to determine if the line I was reading was something I was interested in storing in the database or not.

    God it was a mess - I feel sorry for the people at IGE that had to read that code after they purchased it. Probably the reason it never came back (besides the fact that they refused to backup my database, which stored all of the data).
