ionCube Logo
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


 
Post new topic   Reply to topic    ionCube Forum Index -> ionCube PHP Encoder

Include unencoded file with Include Attack Prevention?

Author Message
mrleex



Joined: 23 May 2015
Posts: 1

PostPosted: Sat May 23, 2015 3:37 pm    Post subject: Include unencoded file with Include Attack Prevention? Reply with quote

I have a file named config.php which shouldn't be encoded because user need to fill it with database information, I enabled include attack prevention and copy the config.php using --copy "@/config.php", and then here is the question, other files cannot include this config.php because it have no appropriate property, How can I include config.php while enabling include attack prevention?
Back to top
View user's profile Send private message
liaison
ionCube Support


Joined: 16 Dec 2004
Posts: 2788

PostPosted: Wed May 27, 2015 7:43 pm    Post subject: Reply with quote

The general idea is to encode the file that includes the unencoded file separately so that it has the necessary file property but does not itself use include attack protection. Doing this ensures that the encoded file that includes the config file can be included by other encoded files, and also that it can include a non-encoded file. If you had many files that included the config file, create an encoded config file wrapper as described above and have the encoded files include the wrapper instead,
_________________
Community Admin
Back to top
View user's profile Send private message
jecker



Joined: 25 Oct 2015
Posts: 5

PostPosted: Sun Oct 25, 2015 8:59 pm    Post subject: IonCube version 9 with Same issue Reply with quote

I am running in to the same issue. I rebuilt the project with the example config.php file, and I still receive the error:

PHP Fatal error: <br>The encoded file <b>/var/www/html/index.php</b> included the unauthorised file /var/www/config.php

Any suggestions?
Back to top
View user's profile Send private message
liaison
ionCube Support


Joined: 16 Dec 2004
Posts: 2788

PostPosted: Mon Oct 26, 2015 6:31 pm    Post subject: Reply with quote

Hi

The guidance previously should help. Keep in mind that the feature is designed precisely so that non-encoded files *cannot* be used.
_________________
Community Admin
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    ionCube Forum Index -> ionCube PHP Encoder All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum