Template Security Advice (WASP - http://wasp.sourceforge.net)

I'm finishing up my WASP framework 1.0 release (http://wasp.sourceforge.net) and I'm trying to decide the best way to lay out the template directories.

WASP uses HTML_Template_Flexy for its template system. The templates are compiled using "Chunk" classes that each refer to an HTML template.

The way it works now, the directory structure of applications is
|_ /webroot/module/templates

where module is where the PHP classes are stored, and templates is where the HTML templates are stored. The templates used to be stored in a separate directory outside of the web root, as such
|_ /templates/
|_ /webroot/ModuleDir

however it becomes cumbersome to keep track of which templates go to which PHP classes, so for organization's sake having the template directory located beneath each module directory is easier to navigate.

My problem is, anyone who realizes a particular application uses WASP can go to a url, say http://blah/module, and look at the html files in the template directory (ex. http://blah/module/templates). Is it too much of a security issue to justify this useful organization? Theoretically the addition of an .htaccess file in the templates directories could solve the problem, but is that compounding the issue even more? I guess I'm asking for someone to tell me it's ok to do it this way, but if nobody agrees I can change it back.

Thanks for the input.
-Brian


/**
 * Brian Fioca
 * Chief Scientist / Sr. Technical Consultant
 * PangoMedia - http://pangomedia.com
 * @work 907.868.8092x108
 * @cell 907.440.6347
 */
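
The layout in the post puts each module's templates at /webroot/module/templates, with an .htaccess file as the proposed guard. As an added example (not part of the original message or of WASP), this POSIX shell script lists template directories under a web root whose own .htaccess has no blanket deny rule; the function names are hypothetical, and it assumes Apache is configured to honor .htaccess files in those directories.

```shell
#!/bin/sh
# Added example: audit <webroot>/<module>/templates directories (layout taken
# from the post) for a missing deny rule. Only the directory's own .htaccess
# is inspected; inherited rules and the server's AllowOverride setting are
# not evaluated, and paths containing newlines are not supported.

# Succeeds when the file holds an uncommented blanket deny directive:
# "Require all denied" (Apache 2.4) or "Deny from all" (Apache 2.2).
has_deny_rule() {
    [ -f "$1" ] || return 1
    grep -Eiq '^[[:space:]]*(Require[[:space:]]+all[[:space:]]+denied|Deny[[:space:]]+from[[:space:]]+all)[[:space:]]*$' "$1"
}

# Prints one "EXPOSED <relative dir> files=<n>" line per templates directory
# that lacks such a rule, in sorted order.
list_exposed() {
    find "$1" -type d -name templates | sort | while IFS= read -r dir; do
        if has_deny_rule "$dir/.htaccess"; then
            continue
        fi
        count=$(find "$dir" -type f ! -name .htaccess | wc -l | tr -d ' ')
        printf 'EXPOSED %s files=%s\n' "${dir#"$1"/}" "$count"
    done
}

# Returns 0 when every templates directory is covered, 1 otherwise,
# so it can gate a release or deployment step.
audit_templates() {
    exposed=$(list_exposed "$1")
    [ -z "$exposed" ] && return 0
    printf '%s\n' "$exposed"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    audit_templates "$1"
fi
```

A commented-out directive or an .htaccess that only sets other options still counts as exposed, which is the case a quick visual check of the tree tends to miss.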