Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PHP: Is it secure to use index.php as the bootstrap?

I ask because it seems like the only thing ever called in a proper app index.php file is the require_once bootstrap file. I'm assuming this adds a layer of security but if not, this pattern seems pointless. Why not just use the index.php file as the bootstrap? Any opinions, cautions, thoughts etc. are appreciated!

(By the way, my htaccess file is routing all requests to the index.php file...)

like image 300
shanebo Avatar asked Dec 22 '22 00:12

shanebo


1 Answers

There is no inherent security difference, no matter whether you have your bootstrapoing process in the index file or a separate one.

Having a separate file is usually due to organization concerns (e.g. to have a file that can be included from elsewhere to import your app's functions, or to put all the tasks in properly named files, or to make it especially easy to add custom extensions to the boot process).

However, configuration files containing sensitive information - sometimes, more rarely, even all PHP files at all except for the index file - will be placed outside the web root where possible. That will make a security difference in that PHP files can not be accessed from outside in case of an accidental server misconfiguration.

like image 167
Pekka Avatar answered Dec 28 '22 11:12

Pekka