Should the form handler (PHP file) be protected from direct access?

2

210mev2019-08-07 20:02:37

PHP

210mev, 2019-08-07 20:02:37

Good time of the day.
There is a simple form.

<form action="/action_page.php">
  First name:<br>
  <input type="text" name="firstname" value="John">
  <br>
  Last name:<br>
  <input type="text" name="lastname" value="Doe">
  <br><br>
  <input type="submit" value="Submit">
</form>

Should the action_page.php form handler be protected from direct access, and how should it be protected at all? It's just important information.
From this question How to restrict access to PHP files? , I realized that with the correct configuration of the web server, you do not need to do anything extra. Then the question is, where in Nginx, to see if the server is configured correctly and how to configure it correctly in order to secure action_page.php ?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

F

FanatPHP, 2019-08-07
@210mev

There is no "indirect" access to form handlers. Access is always direct.
There are no separate special form handlers. Your handler is a regular php script, just like all the others. And you need to protect it no more and no less than other scripts.
Therefore, you need to throw these fantasies out of your head and do something useful.

A

alekssamos, 2019-08-08
@alekssamos

If there are problems with the Internet connection on the server or the site crashes, when the key may appear in the error text. For reliability, turn off the output of all errors