[FX.php List] Web Root Directory - clarifying exactly *which* folder?

Joel Shapiro jsfmp at earthlink.net
Fri Oct 17 11:41:55 MDT 2008


@ Michael: Thanks for the explanation.

@ Dale: My understanding is that the PHP engine can access files  
anywhere on the machine (or beyond?), while web users can only access  
files within the web root directory.  That way, placing config etc.  
files outside the web root directory removes access to web users  
while still keeping them available to PHP.  That's my understanding,  
at least.

-Joel


On Oct 16, 2008, at 10:42 PM, Head Honcho wrote:

> Hi Joel,
>
> The main reason would be if clients had ftp access... then they can  
> see all the files.  Not a problem for the client, but if someone  
> else gained access there is a security hole.  If the password files  
> are outside the document root, then, in theory, noone should have  
> access, including those with legitimate FTP access.
>
> BTW, the document root is whatever is set in the http.conf file,  
> and can be changed.  Mine is not in library/webserver/documents...  
> as I wanted to have a separate drive dedicated to web documents.
>
> Regards
>
> On 17/10/2008, at 12:10 PM, Dale Bengston wrote:
>
>> Seems weird to me, because then you'd need to give the www user  
>> access to a directory outside the web root, and that creates its  
>> own security problems.
>
> Regards
>
> Michael Ward
> --
> Head Honcho
> CustoMike Solutions
> Member, FileMaker Business Alliance
> Member, FileMaker Technical Network
> FileMaker 7 Certified Developer
> FileMaker 8 Certified Developer
> FileMaker 9 Certified Developer
> 10 Wandoo Crt
> Wheelers Hill, 3150
> ph 0414 562 501
> headhoncho at customikesolutions.com
>
>
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list



More information about the FX.php_List mailing list