On Wed, January 23, 2008 1:50 pm, Roberto Mansfield wrote: > Jason Pruim wrote: >> >>> Been doing some reading on security and have decided that I should >>> be >>> storing my include files outside of the document root... Which I >>> understand how to do it, but what I'm wondering, is say I write the >>> Next Killer App (tm). How would I port that code easily off of my >>> server and put it into a downloadable file for the millions of >>> people >>> who will download and run the Next Killer App (tm)? > > I tend to keep the directories in the document root, but I deny access > via an .htaccess file. This keeps the code in a simple directory > structure. Anyone else doing that? I used to do that. Then I had to move the site one day. Simple enough... tar -cvf moving.tar httpdocs gzip moving.tar Copy the file over, and untar it: tar -xzvf moving.tar.gz Should be all good to go, right? Wrong! tar didn't snag all the .htaccess files. For a brief moment in time my source code was exposed. And the admin had no password protection. And the images being generated by PHP|GD didn't work. And... I found and fixed it easily enough, but it would have gone undetected for a long time if I hadn't had the other issues. So I don't do that anymore, and I put the .inc files outside the web tree. ymmv -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php