I have a website hosted on ASP.NET server and using wordpress to build my site. I've extended its functionalities using PHP code. At which directory do I store secure files such as (passwords and certificate.pem)?
My server has the following structure:
-/
-/mywebsite.com
-/data
-/logs
-/wwwroot
-/wp-admin
-/wp-content
-/wp-includes
I understand that ASP.NET has a file called web.config file that is secure and stored at wwwroot. What's something equivalent using PHP?
Thanks.
Is -/website.com/data and -/website.com/logs publicly accessible? If not, you could create a new folder in -website.com/ to house the files.
/etc/ is a popular place for these types of files.
Related
I have a web application and I want to save data in a file instead of in the database.
My doubt is, where I should save the file? If I save it under the public directory, I could refer them with the assets to make the correct URL, but in the public directory, any person could see the file writing the complete URL. This shouldn't be because de data is reserved.
I think about the var directory, but I couldn't use the assets to make the correct URL to get or manage the files.
Where I should save the files and how I get/manage them?
If the data-file is local and hosted on the server's file system, the most logical place to store something like that would be the var directory. Although nothing stops you from creating your own "var-like" directory and naming any way you like it. E.g. data. But I would follow the conventions and create var/data, easier for everyone.
That you can't use the asset() function is irrelevant, because a data-file is not a web asset, but an infrastructure concern.
A file like this should not have a URL at all, but you would only access it through it's file system path.
In Service Cloud (FKA RightNow) Customer Portal, isn't the "assets" folder writable?
I'm trying to upload a file to a subfolder inside the "assets" folder but I seem to be running into permission issues. The code I'm using is:
$file_name = "File_".time().".txt";
if(move_uploaded_file($_FILES['upload']['tmp_name'], HTMLROOT . '/euf/assets/uploads/text/'.$file_name))
{
header("Location: /app/read_file/file_name/".$file_name);
exit;
}
This is throwing an error which states:
Access to move_uploaded_file is denied because its trying to access restricted folders in ......
Is there no way to save the uploaded file into the "assets" subfolder via PHP?
EDIT:
The destination seems to be correct as if I use:
echo HTMLROOT . '/euf/assets/uploads/text/'.$file_name
it prints:
/vhosts/sitename/euf/assets/upload/text/File_1480674311.txt
So the correct filepath is being referenced but somehow the framework is not allowing me to save it in there.
Update
The use case is such that via the CP, a person will upload a CSV/TXT file. This file would contain contact info (name, email etc) which will then be read (at a later stage) to create contacts in OSvC. This would be a recurring process, perhaps twice or thrice a month.
Since the reading of the file will not happen at the time of upload, storing the file someplace is the ideal solution.
Correct, the folders are protected by user permissions that are enforced by WebDAV and the file system. And, the assets folder is not intended to be a file storage mechanism for uploads as you are using in this capacity.
Is there a reason that you are placing files in assets as opposed to attaching them to incident or contact objects that would be within the context of someone operating within Customer Portal?
If you're looking to build some sort of content management into Customer Portal, then I'd suggest using a separate product for file storage that provides an API where you can manage files with more granularity, like Oracle Cloud Data Storage, where you can then serve these files from in CP.
Storing contact records or any other sensitive data in assets folder is VERY BAD PRACTICE. These files are open to public as any other files stored in assets folder - css, js, images...
There are other folders in the file structure that are much better for this purpose. They are only accessible from the code level.
Are you by any chance on v16.8?
I installed two codeigniter for desktop and mobile version. My directory structure is as follows:
www/projectfordesktop/application
www/projectfordesktop/uploads
www/projectfordesktop/projectformobile/application
My problem is that when I upload files from mobile site I want my file to be uploaded in main codeigniter application www/projectfordesktop/uploads. So, I want to access main codeigniter application base_url to www/projectfordesktop/projectformobile/. How is it possible.
I made two project because it redirect to m.project.com when accessed from mobile. And when access from desktop project.com. Is it good idea. If not, then is there any way I can use seperate view for mobile and desktop. Please help.
Thank you.
For security and a bunch of other reasons you absolutely do not want the upload folder in your application folder. And if at all possible you want your application folder and system folder above the public root. The other consideration - its possible and in some ways desirable to rename your application and system folder. So if your public folder is www
desktopapplication/www/
mobileappliction/www/
system306/www/
Now they are all safely above the public www, and they are labeled for what they are. Next you can have folders in the public folder, that contain the main index.php file for the specific application.
www/projectfordesktop/index.php
www/projectformobile/index.php
Open up the index.php file and redo the file paths to the application and system folder. Like
$system_path = '../../system306';
$application_folder = '../../desktopapplication';
The upload folder will now be either in www or one of the folders like projectfordesktop. Typically you would also put your css, js, etc files in there as well.
www/projectfordesktop/upload/
www/projectfordesktop/css/
www/projectfordesktop/js/
www/projectfordesktop/img/
Now - all the files which are public - are in a public folder. All the files which should be kept private - your application and system folder - are not public. And because you have labeled your application and system folder it makes it much easier to switch to different versions or revert back if needed.
im a total beginner in web programming. Im trying to create a simple website that is reading data from a SQL Database. At first i just wrote my database password and login directly into the php code:
<?php
$username = "login";
$password = "pw";
mysql_connect("server", $username, $password);
...
?>
This obviously isn't a very good idea! So what is a (much) more "secure" way to do this? I read about putting the php code into a seperate file, meaning not into the main php document of the website, and then restricting the access to that file. Maybe by a .htaccess file. Is this the way to go?
The config.php file and the .htaccess is a classic/good way to go. It's the way it is usually done with CMS or frameworks.
As pointed by JohnP, you can also store the config.php outside of the public directory, that means that it can't be accessed via HTTP. This is only a little better for security (if you don't make a mistake with your .htaccess, there is no more risks).
File structure example :
config/ -> configuration files
lib/ -> libraries and utils PHP files
public/ -> all you public pages/files/images...
That way, http://www.your-site.com/ points to public/, so there's no way to access the config. But this solution implies that you can change the root web directory (or that it is already like that).
Finally, you have to remember to set this file readable and writeable by the Apache user only, not everyone (unix file access rights), so that if someone gain access to you server through another user, he can't read the file.
You normally put this in a configuration file and you access the configuration values via PHP.
Usually a project is organized such that your application code and your configuration code is outside your webroot and only your public resources (index.php, images, scripts or other resources) are available via direct access.
So I must upload the CMS that I've been creating in the development environment to my company's server to show the client. But the software I created was built in the document root, and the company wants me to upload it to a folder on the server. Is there any way to set the document root dynamically with PHP, or to include an .htaccess or some such thing in a single folder on a server?
I suppose I could also juse create some global var with
$DOCUMENT_ROOT = dirname(dirname(__FILE__)));
And reference that at the beginning of my paths, but I am looking for a more elegant solution.
You're going to need to define a baseUrl that is available throughout your application. If the client is getting antzy to see your work, tell them to register a subdomain to throw it on.