On Jan 23, 2008, at 2:50 PM, Roberto Mansfield wrote:
Jason Pruim wrote:
Been doing some reading on security and have decided that I should
be
storing my include files outside of the document root... Which I
understand how to do it, but what I'm wondering, is say I write the
Next Killer App (tm). How would I port that code easily off of my
server and put it into a downloadable file for the millions of
people
who will download and run the Next Killer App (tm)?
I tend to keep the directories in the document root, but I deny access
via an .htaccess file. This keeps the code in a simple directory
structure. Anyone else doing that?
-Roberto
I used to just throw everything in the same directory, include files,
config files, pictures, css, html, php etc. etc. etc...
When I made my decision to put the includes out side of the webroot it
was because of a article I read by Chris Shiflett[1] that said
basically that this way of including files was safer then using
a .htaccess file to block access to it.
that's why I made my decision. Not to say it's the right one, just a
step in the right direction. To me it also seems more portable across
hosts to have access outside of your webroot vs. access to .htaccess
files. But I could be wrong, I have been lucky enough to always have a
company server with php at my full control so I could use what ever I
needed when I needed it.
[1]http://shiflett.org/articles/secure-design
--
Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424
www.raoset.com
japruim@xxxxxxxxxx
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
