Protect your layout!

toad · 07-14-2006, 06:00 AM

This is a duplicate of a topic i made over at the arcade webmasters forum, but i think it contains some pretty useful infomation so i'll share it with any GS users here aswell.

Imagine you've just spent $200 or so on a new custom design for your GameScript powered arcade. Awesome you think, you will stand out from the crowd with this!

But is it secure? I was tweaking a few things today on my new layout when i realised just how easy it would be for anyone to come along and steal all your layout with virtually no effort.

I was having a nose around, and see a lot of sites have forbidden access to the directories but anyone who has their own copy of GameScript will know the filenames (which are still 100%readable) and copy to their hearts content.

I will use ianag as an example, as it is still site listed as the GameScript demo and doesn't have any template modification.

When trying to view http://www.ianag.com/arcade/templates/ we get a 403 Forbidden error. But i can just look in my gamescript folder, to find http://www.ianag.com/arcade/template...ult/header.tpl which to me, after spending money to get something personal to my site was a real concern.

There are a number of options to prevent access.

The most secure option would be to keep all .tpl files outside of your public_html directory - however this is a pain if you are using a pre-built system like GameScript so this method isn't really feasible.

You could make some obscure random filenames, but it would be time consuming and no real solution.

There is one simple easy solution that i'm using.
Add the following to your .htaccess file:

Code:

<Files ~ "\.(tpl|inc|)$">
order deny,allow
deny from all
</files>

I've also included the .inc extension, which the PM related files use.

As you should see, http://www.gametoads.com/templates/default/index.tpl is now hidden away from public view.

And there you go. Obiously this isn't going to provide 100% security, however it is a very easy little addition that will make it much harder for anyone attempting to look at files they shouldn't be or trying to take your work.

PlatinumN23 · 07-14-2006, 01:44 PM

Excellent Job..

BTW; Welcome to the Forums

bigarte · 07-15-2006, 03:51 AM

I saw this at ArcadeWebmasters forum but passed over it. I have now re-read it here. Thanks for sharing this. Much appreciated.

07-14-2006, 06:00 AM	#1 (permalink)
toad New Member Join Date: Jul 2006 Posts: 6	Protect your layout! This is a duplicate of a topic i made over at the arcade webmasters forum, but i think it contains some pretty useful infomation so i'll share it with any GS users here aswell. Imagine you've just spent $200 or so on a new custom design for your GameScript powered arcade. Awesome you think, you will stand out from the crowd with this! But is it secure? I was tweaking a few things today on my new layout when i realised just how easy it would be for anyone to come along and steal all your layout with virtually no effort. I was having a nose around, and see a lot of sites have forbidden access to the directories but anyone who has their own copy of GameScript will know the filenames (which are still 100%readable) and copy to their hearts content. I will use ianag as an example, as it is still site listed as the GameScript demo and doesn't have any template modification. When trying to view http://www.ianag.com/arcade/templates/ we get a 403 Forbidden error. But i can just look in my gamescript folder, to find http://www.ianag.com/arcade/template...ult/header.tpl which to me, after spending money to get something personal to my site was a real concern. There are a number of options to prevent access. The most secure option would be to keep all .tpl files outside of your public_html directory - however this is a pain if you are using a pre-built system like GameScript so this method isn't really feasible. You could make some obscure random filenames, but it would be time consuming and no real solution. There is one simple easy solution that i'm using. Add the following to your .htaccess file: Code: <Files ~ "\.(tpl\|inc\|)$"> order deny,allow deny from all </files> I've also included the .inc extension, which the PM related files use. As you should see, http://www.gametoads.com/templates/default/index.tpl is now hidden away from public view. And there you go. Obiously this isn't going to provide 100% security, however it is a very easy little addition that will make it much harder for anyone attempting to look at files they shouldn't be or trying to take your work.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
My layout and design got ripped off and duplicated by this guy	Jack	The Lounge	8	09-13-2007 05:49 PM
GamesJet - New Layout!	gamesjet	Site Showcase and Reviews	3	05-28-2007 07:41 PM
Check out the NEW Layout!!	nkiegrea	Site Showcase and Reviews	7	05-08-2007 11:16 AM
Review script mods and new layout	guigo79	Site Showcase and Reviews	0	03-22-2007 12:52 AM
New layout www.gojogos.com	gojogos	Site Showcase and Reviews	1	11-29-2006 07:06 PM

07-14-2006, 01:44 PM	#2 (permalink)
PlatinumN23 Full Member Join Date: Jun 2006 Posts: 97	Excellent Job.. BTW; Welcome to the Forums

07-15-2006, 03:51 AM	#3 (permalink)
bigarte Contributing Member Join Date: Jun 2006 Location: Australia Posts: 33	I saw this at ArcadeWebmasters forum but passed over it. I have now re-read it here. Thanks for sharing this. Much appreciated.