07-14-2006, 07:00 AM   #1
toad
Protect your layout!

This is a duplicate of a topic I made over at the arcade webmasters forum, but I think it contains some pretty useful information so I'll share it with any GS users here as well.

Imagine you've just spent $200 or so on a new custom design for your GameScript powered arcade. Awesome you think, you will stand out from the crowd with this!

But is it secure? I was tweaking a few things today on my new layout when I realised just how easy it would be for anyone to come along and steal all your layout with virtually no effort.

I was having a nose around, and saw that a lot of sites have forbidden access to the directories, but anyone who has their own copy of GameScript will know the filenames (which are still 100% readable) and can copy to their heart's content.

I will use ianag as an example, as it is still the site listed as the GameScript demo and doesn't have any template modification.

When trying to view http://www.ianag.com/arcade/templates/ we get a 403 Forbidden error. But I can just look in my GameScript folder to find http://www.ianag.com/arcade/template...ult/header.tpl, which to me, after spending money to get something personal to my site, was a real concern.

There are a number of options to prevent access.

The most secure option would be to keep all .tpl files outside of your public_html directory - however this is a pain if you are using a pre-built system like GameScript so this method isn't really feasible.

You could make some obscure random filenames, but it would be time consuming and no real solution.

There is one simple, easy solution that I'm using.
Add the following to your .htaccess file:
Code:
# Deny web access to template (.tpl) and include (.inc) files
<Files ~ "\.(tpl|inc)$">
order deny,allow
deny from all
</Files>
I've also included the .inc extension, which the PM related files use.

As you should see, http://www.gametoads.com/templates/default/index.tpl is now hidden away from public view.

And there you go. Obviously this isn't going to provide 100% security, however it is a very easy little addition that will make it much harder for anyone attempting to look at files they shouldn't be or trying to take your work.
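
An added example, not part of the original post: a small Python audit that reads the deny rules out of an .htaccess file and reports which template-like files in a web root they cover and which are still served. The file listing, the `includes/pm.inc` path, the backup file names and the `SENSITIVE` pattern are constructed assumptions, and Python's `re` stands in for Apache's regex engine.

```python
import re

# Constructed sample: the rule from the post, one directive per line.
HTACCESS = '''\
<Files ~ "\\.(tpl|inc)$">
order deny,allow
deny from all
</Files>
'''

# Constructed file listing of a hypothetical arcade web root.
FILES = [
    "index.php",
    "templates/default/header.tpl",
    "templates/default/index.tpl",
    "includes/pm.inc",
    "templates/default/header.tpl.bak",
    "includes/config.inc.old",
]

# Assumption: anything with .tpl or .inc in its extension chain is layout source.
SENSITIVE = re.compile(r"\.(tpl|inc)(\.|$)")

SECTION = re.compile(
    r'<(Files\s*~|FilesMatch)\s+"([^"]+)"\s*>(.*?)</Files(?:Match)?>',
    re.IGNORECASE | re.DOTALL)
DENY = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$",
                  re.IGNORECASE | re.MULTILINE)

def deny_patterns(htaccess):
    """Compiled regexes of Files~/FilesMatch sections that deny everyone."""
    return [re.compile(m.group(2)) for m in SECTION.finditer(htaccess)
            if DENY.search(m.group(3))]

def is_denied(path, patterns):
    # Apache matches <Files> rules against the base name, not the full path.
    name = path.rsplit("/", 1)[-1]
    return any(p.search(name) for p in patterns)

def audit(htaccess, files):
    """Split template-like files into (blocked, still_served)."""
    patterns = deny_patterns(htaccess)
    sensitive = [f for f in files if SENSITIVE.search(f)]
    blocked = [f for f in sensitive if is_denied(f, patterns)]
    served = [f for f in sensitive if f not in blocked]
    return blocked, served

if __name__ == "__main__":
    blocked, served = audit(HTACCESS, FILES)
    print("blocked:", blocked)
    print("still served:", served)
```

Run against your own file listing, anything in the second list is a copy of your layout source that the rule does not cover and that should be deleted or moved out of the web root.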