Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 1 hour ago.
Improve this question
In shared hosting, I installed all laravel application files in the root folder (public_html). But also I deny the .env file via htaccess.
So is denying the .env file via htaccess enough for application security?
Do I have to install the app at the same directory level of public_html and do i have to create a symlink?
Thanks!
So is denying the .env file via htaccess enough for application security?
No.
Examples of where this would not be sufficient:
Someone could access files like storage/logs/laravel.log and see potentially sensitive information.
Misconfiguring/breaking PHP on the server would permit users to browse your PHP files as plain text, potentially revealing the entirety of your source code.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
if I serve my laravel application using php artisan serve provided server and if I point URL/storage it's giving me this enter image description here it was absolutely fine.
But if I serve my application using apache or Nginx server virtual host then if I point domain.test/storage enter image description here I can see all folder which is in the storage public folder. Now I want to implement this php artisan serve provided server features on the virtual host.
I have previously used this guide for setting up nginx with the right permissions for laravel. When I try to access the /storage endpoint I get a 403 forbidden error, which I assume is what you want. This way directory listings will be hidden and you would need to provide a full path to the file in order to access it.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 6 years ago.
Improve this question
The hosting I am using allows protecting files with username and password. Will it "break" something if I put password on a file that is included or required in many php pages of my site?
Assuming this is HTTP authentication, this provides no password protection on the filesystem so including files from the filesystem will not be affected. This also does not prevent files from being read from the filesystem by other users if they have the permissions to do so.
This will only display a password prompt to users who access the file path from the web server (http://)
If you actually have private files that you wish only to be included from your PHP script, then you can keep them out of the public_html (or web server root directory) completely.
for example:
app/private.php
public_html/index.php
Inside index.php:
<?php
include "../app/private.php";
/* Other code */
?>
As app is outside the public_html directory, it will not be able to be served by the web server, but you can still include it from the filesystem.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
In which diretory should script files for cronjobs be saved? Available to the public inside var/www/html or better inside var/www/files or ...?
Re-posting comments from above, for easier reference and clarity:
Why would you want to make cronjob script files available to the public? If you're distributing them, var/www/* would be a fine place to put them. If you're intending to run them on your server, put them somewhere that isn't public facing, like your /home directory
Cron only needs its scripts to be in a directory it can access. While it can definitely access /var/www/, so can (potentially) the public; it depends on your configuration. If you're running Apache as your web-server, then accessibility of any directory under the web root (usually, and likely in this case, /var/www) is configured by .htaccess files (or in a Directory block in your main server config). By default, all sub-directories and files are accessible. If you don't care about other people seeing your cron scripts, go ahead and put it in var/www. Otherwise, put them somewhere else or change your server configuration
The best way to do that you want, is create a new directory dedicated to save the scripts, for example, /var/www/html/scripts
In that way, people is able to see the the sctipts and for crontab schedule too.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I need help with making a webpage from several files and I am not sure how to go about it. I'm not sure how to follow these instructions can someone help me out.
Install:
Copy contents of folder "upload_to_server" to your server.
Open "includes/config.php" and edit $cfg['db_server'], $cfg['db_username'], $cfg['db_password'], $cfg['db_database'] to be your database details, and $cfg['site_url'] to be the URL to the site with a trailing slash e.g. "http://www.example.com/" or "http://www .example.com/example/" (if it has been uploaded to a sub folder named "example".
Import database.sql into your database
![Here is a picture of the files for the site][1]
[1]: http://i.stack.imgur.com/7eHOb.pn g
You need to install a local web stack first. WAMP or XAMPP for Windows, LAMP for Linux, or MAMP for Mac
You are then going to have to locate your web folder, which is usually called www, htdocs, or public_html. This is where your files need to go.
You can import databases from PhpMyAdmin, which should come bundled with your web stack.
Then you use http://localhost/whatever-folder-you-added to access it.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I have a PHP script running on my LAMP server that requires certain files in order to produce HTML content. The script is publicly accessible (i.e. http://example.com/script.php) but the files required by the script must secured. I could probably place the files in any directory other than /var/www and they would be relatively safe, but I'm trying to learn the Linux filesystem and I'd like to use the most appropriate place (according to FHS). Any help would be great.
After a bit of research, I think I've answered my question. The most appropriate location seems to be /srv (with the addition of sub-directories which properly categorize the data).
/srv contains site-specific data which is served by this system.
http://www.pathname.com/fhs/pub/fhs-2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM