Re: including files outside of document root

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, January 23, 2008 1:50 pm, Roberto Mansfield wrote:
> Jason Pruim wrote:
>>
>>> Been doing some reading on security and have decided that I should
>>> be
>>> storing my include files outside of the document root... Which I
>>> understand how to do it, but what I'm wondering, is say I write the
>>> Next Killer App (tm). How would I port that code easily off of my
>>> server and put it into a downloadable file for the millions of
>>> people
>>> who will download and run  the Next Killer App (tm)?
>
> I tend to keep the directories in the document root, but I deny access
> via an .htaccess file. This keeps the code in a simple directory
> structure. Anyone else doing that?

I used to do that.

Then I had to move the site one day.

Simple enough...

tar -cvf moving.tar httpdocs
gzip moving.tar

Copy the file over, and untar it:

tar -xzvf moving.tar.gz

Should be all good to go, right?

Wrong!

tar didn't snag all the .htaccess files.

For a brief moment in time my source code was exposed.

And the admin had no password protection.

And the images being generated by PHP|GD didn't work.

And...

I found and fixed it easily enough, but it would have gone undetected
for a long time if I hadn't had the other issues.

So I don't do that anymore, and I put the .inc files outside the web
tree.

ymmv

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux