You are here: Re: security question: includes outside doc root « PHP Language « IT news, forums, messages
Re: security question: includes outside doc root

Posted by J.O. Aho on 06/29/07 10:10

Pugi! wrote:
> I read that from a security point of view includes (containing php
> code) should be located outside document root.
> On an LAMP server, where do you place those includes ?
> My document root is /var/www/html (/var/www/html/site1, /var/www/html/
> site2, ...). Is for example /var/www/phpincludes/ good enough for
> security reasons ?

Your document root(s) you find in your apache settings, easy way to check
those is just do a grep for DocumnetRoot on those configuration files you have
for you sites.

Your document root seem to be /var/www/html/site1 for site1, so for that one
you can place files in /var/www/html/ and you will be outside the sites root
directory.
Your document root seem to be /var/www/html/site2 for site2, so for that one
you can place files in /var/www/html/ and you will be outside the sites root
directory.
If you have a default server running which has /var/www/html as document root,
then change that as fast as possible, as this can lead to security overrides,
create a new document root for it, example /var/www/html/default and move all
files there that hasn't anything to do with your other sites.

The answer to your question is that /var/www/phpincludes/ is outside your
document roots.


--

//Aho

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация