Question

Looking at the code of Joomla, I see that in the first line of the index it defines the base path of the installation with

dirname(__FILE__)

Is this a source of possible risk for the site? I mean, if an uncontrolled error message shows the internal path of the Joomla directory because of, for example, a failed include, can it be used to perform some kind of attack on the site? If yes, is it convenient to use this function? Any idea is welcome.

Thanks

Solution

The use of that construction is fine and not a security risk by itself. The security risk you highlighted is showing error messages to end users on production sites. You shouldn't do that! Turn off error reporting. You can change the appropriate setting in the php.ini, or if you don't have access to php.ini, you can do it at the beginning of your code like this:

error_reporting(0);             // report no errors at all
@ini_set('display_errors', 0);  // never render errors into the page output
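
One way to apply this on a production site while keeping the details available to the administrator, as an added example that is not part of the original answer or of Joomla's code: instead of disabling reporting entirely with error_reporting(0), it keeps reporting on, sends it to a log file, and shows visitors only a reference id. The log path, the function name describe_failure and the file missing-file.php are assumptions made for illustration.

```php
<?php
// Added example: production error handling that logs details and shows none.
// Assumption: LOG_FILE is a hypothetical path outside the web root.
const LOG_FILE = '/var/log/php/site-errors.log';

error_reporting(E_ALL);                  // keep reporting everything...
ini_set('display_errors', '0');          // ...but never render it into the response
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', LOG_FILE);

// Build the log line (with file path) and the public message (without it).
function describe_failure(Throwable $e): array
{
    $ref = bin2hex(random_bytes(4));     // correlation id shown to the visitor
    $log = sprintf('[%s] %s: %s in %s:%d', $ref, get_class($e),
                   $e->getMessage(), $e->getFile(), $e->getLine());
    $public = "An internal error occurred. Reference: $ref";
    return [$log, $public];
}

// Turn warnings and notices (for example a failed include) into exceptions.
set_error_handler(function (int $no, string $msg, string $file, int $line): bool {
    if (!(error_reporting() & $no)) {
        return false;                    // respect @ and the current reporting level
    }
    throw new ErrorException($msg, 0, $no, $file, $line);
});

// Last line of defence: log the full detail, send a generic page.
set_exception_handler(function (Throwable $e): void {
    [$log, $public] = describe_failure($e);
    error_log($log);
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo $public;
});

// Constructed demonstration: the include fails, and the warning text,
// which contains the path from dirname(__FILE__), ends up only in the log.
include dirname(__FILE__) . '/missing-file.php';
```

Settings made with ini_set() do not cover errors raised before the script starts running, such as a parse error in the same file, so the php.ini setting mentioned in the answer remains the more reliable place for display_errors.
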
Licensed under: CC-BY-SA with attribution