Posted by C. on 07/04/07 21:31

On 29 Jun, 10:03, Pugi! <pugin...@gmail.com> wrote:
> I read that from a security point of view includes (containing php
> code) should be located outside document root.
> On an LAMP server, where do you place those includes ?
> My document root is /var/www/html (/var/www/html/site1, /var/www/html/
> site2, ...). Is for example /var/www/phpincludes/ good enough for
> security reasons ?
> (This way I do not have to change backup jobs).

FFS! Pugi! thats the last thing on your list of priorities when
choosing a directory.

Also one directory is far from appropriate for a sensible
architecture. I use at least 3

/usr/share/php/ - stuff supplied off-the-shelf - PEAR,frameworks etc
/usr/local/phpenv.inc/ - stuff specific to the environment this server
runs in (develop/test/live) e.g. database credentials, database
server, list of servers in cluster
/usr/local/phpbox.inc/ - stuff unique to this server

How you organise them should be determined by how you manage your
servers filesystems - if that means changing your backup....guess
what.

C.

• Next in forum: PHP4 and PHP5 together on 1 LAMP
• Prev in forum: change a code that work for merge but not for intersect
• Thread view: Re: security question: includes outside doc root

[Reply to this message]