Restricting direct access to your view-files in CodeIgniter?


I’m new to CodeIgniter, and I was wondering whether it’s considered good practice to restrict direct access to your view files. Obviously they are going to contain a lot of PHP code that relies on variables and whatnot passed to them from the controller, so the PHP code could easily come up with an error if it’s accessed directly, couldn’t it?

Bonus question: Why are the helpers, libraries, hooks etc. folders empty in the application folder?

3/5/2010 12:02:36 AM

Accepted Answer

The main reason nobody bothers to restrict access to their view files is because they will either fatal error or show a useless page.

If people want to go to the effort of trying to work out your folder structure and file names, they will be rewarded with... absolutely nothing. You would have to write some really crazy code to make a view insecure.

If you REALLY want to secure them, go ahead.

At the top of your view, enter:

<?php if (!defined('BASEPATH')) exit('No direct script access allowed'); ?>

3/5/2010 3:04:03 PM

user, if you are on a shared host and they don't allow access to anything other than the wwwroot folder, you can create a subfolder (name it "private") and write its .htaccess file to deny all requests to this subfolder. Then you can place the system and application folders of CodeIgniter in this subfolder and place your index.php folder in the regular location (changing the "system" and "application" variables inside index.php to correctly reflect the new paths), and that way all code is secure from direct access. :-)

edited: About the folders question, it's a scope thing. The helpers, libraries, hooks application folders are for application-specific items. Maybe ones you custom create, or maybe ones downloaded from a third party. But the idea is that you have "system-wide" items and then you have "application-wide" items. Having application folders allows you to extend system-wide items to meet the specific application needs (see more @ This doesn't make too much sense with one application, but if your installation has multiple applications, that's really where this comes in handy.
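An added example, not code from either answer or from CodeIgniter: a small Python audit that checks both measures described above, listing view files that do not open with the BASEPATH guard and confirming that the "private" subfolder's .htaccess carries a deny-all directive. The function names and the sample directory tree are constructed for illustration, and the guard match is a heuristic on the start of each file.

```python
import re
import tempfile
from pathlib import Path

# Guard forms a view may open with, for example:
#   <?php if (!defined('BASEPATH')) exit('No direct script access allowed'); ?>
#   <?php defined('BASEPATH') OR exit('No direct script access allowed');
GUARD = re.compile(
    r"""^\s*<\?php\s+(?:if\s*\(\s*!\s*)?defined\s*\(\s*['"]BASEPATH['"]\s*\)"""
    r"""\s*\)?\s*(?:or|\|\|)?\s*(?:exit|die)\b""",
    re.IGNORECASE,
)
# Deny-all directives: "Deny from all" (Apache 2.2) and "Require all denied" (2.4).
DENY = re.compile(
    r"^\s*(?:Deny\s+from\s+all|Require\s+all\s+denied)\s*$", re.I | re.M)

def unguarded_php(root):
    """Return sorted relative paths of .php files that do not start with the guard."""
    root = Path(root)
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*.php")
        if not GUARD.match(p.read_text(encoding="utf-8", errors="replace"))
    )

def denies_all(directory):
    """True if directory/.htaccess holds an uncommented deny-all directive."""
    htaccess = Path(directory) / ".htaccess"
    return htaccess.is_file() and bool(DENY.search(htaccess.read_text(errors="replace")))

def build_sample_tree(root):
    """Write a constructed sample layout: index.php in the web root, code in private/."""
    guard = "<?php if (!defined('BASEPATH')) exit('No direct script access allowed'); ?>\n"
    files = {
        "index.php": "<?php $application_folder = 'private/application';\n",
        "private/.htaccess": "# block all direct requests\nDeny from all\n",
        "private/application/views/home.php": guard + "<h1><?php echo $title; ?></h1>\n",
        "private/application/views/list.php": "<p><?php echo $message; ?></p>\n",
    }
    for rel, body in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print("private/ denies requests:", denies_all(Path(tmp) / "private"))
        print("unguarded views:", unguarded_php(Path(tmp) / "private/application/views"))
```

Run against the front controller's directory, the audit also reports index.php, which is expected because that file is the entry point and carries no guard.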

