On 7/27/07, Richard Lynch <ceo@xxxxxxxxx> wrote: > On Fri, July 27, 2007 8:20 am, Eric Butera wrote: > > Not everyone has the option to do that. Plus I think it is > > unintuitive to have things outside of your actual "web site." You can > > disallow traffic with Apache fairly easily if you're paranoid of such > > things. > > I used to do this. > > Until one day I tar-ed up a site to move to a new webhost. > > tar -cf htdocs.tar htdocs > > Then I un-tar-ed it, of course: > > tar -xf htdocs.tar > > For about 15 minutes there, *ALL* the files I didn't want public, were > public. > > I caught the mistake only because something else was broken as well, a > dynamic PHP-generated image. > > Now I don't do that anymore, and I put anything private outside the > webtree. > > If your host doesn't give you a directory outside the webtree, find a > new host that does :-) > > -- > Some people have a "gift" link here. > Know what I want? > I want you to buy a CD from some indie artist. > http://cdbaby.com/browse/from/lynch > Yeah, I get a buck. So? > > We have our own dedicated server that we host client sites on. If I were to back out into the root then I would be at the level of all the other sites. It just doesn't make sense in my case. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
