Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
In which diretory should script files for cronjobs be saved? Available to the public inside var/www/html or better inside var/www/files or ...?
Re-posting comments from above, for easier reference and clarity:
Why would you want to make cronjob script files available to the public? If you're distributing them, var/www/* would be a fine place to put them. If you're intending to run them on your server, put them somewhere that isn't public facing, like your /home directory
Cron only needs its scripts to be in a directory it can access. While it can definitely access /var/www/, so can (potentially) the public; it depends on your configuration. If you're running Apache as your web-server, then accessibility of any directory under the web root (usually, and likely in this case, /var/www) is configured by .htaccess files (or in a Directory block in your main server config). By default, all sub-directories and files are accessible. If you don't care about other people seeing your cron scripts, go ahead and put it in var/www. Otherwise, put them somewhere else or change your server configuration
The best way to do that you want, is create a new directory dedicated to save the scripts, for example, /var/www/html/scripts
In that way, people is able to see the the sctipts and for crontab schedule too.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 1 hour ago.
Improve this question
In shared hosting, I installed all laravel application files in the root folder (public_html). But also I deny the .env file via htaccess.
So is denying the .env file via htaccess enough for application security?
Do I have to install the app at the same directory level of public_html and do i have to create a symlink?
Thanks!
So is denying the .env file via htaccess enough for application security?
No.
Examples of where this would not be sufficient:
Someone could access files like storage/logs/laravel.log and see potentially sensitive information.
Misconfiguring/breaking PHP on the server would permit users to browse your PHP files as plain text, potentially revealing the entirety of your source code.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
Hi Im wondering how to make a basic directory layout for a client if you have php and mysql embeded. I mean the folder layout, and how to name them. So that everyone that develops in the web can recognize it. Is there any special way to do this?
Basic can mean a lot here. The most basic web hosts I worked with just have one folder in it. www (or htdocs, httpdocs, public_html, html) The domain is configured to point into this folder. All files are accessible from the web. Older webservers often had separate folders for perl, cgi, python, etc. stuff. More advanced server offer more folders, for example for logs, automated backups. It can be a good practice for some frameworks to have a separate folder for the source files and create a symlink in the public folder. It really depends on what you want to offer to your client. I would suggest to first of all make a plan on what you want to offer and then try to build a folder structure that mirrors a modular server build. For naming conventions, there are no real standards.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I'm concerned about security. I need to allow a specific group of users to upload documents and for all other users to download them.
Where or what folder is the best place to allow this to happen? I read that outside the root of the site is best but then I've read conflicting posts.
Thanks for any help.
It all depends what you need to be able to do with them once they are uploaded.
Outside the web root is definitely best but if you then need to be able to show those files on webpages, you will need to write a handler or just save them inside the webroot.
Ideally you should never allow untrusted users to upload any file to a server and should certainly never allow untrusted users to upload files into a webroot as they could then use your server to spread malware or upload files that can be executed on the server and take control of your server or site.
You should always ensure that the minimum number of file types possible are allowed for upload so if a user is uploading an image, make sure they can only upload images
I generally save files to a folder outside the web root (note, not just outside my site root, but outside of the actual web root directory). You only asked for advice on where best to store the files, but presumably you are taking other steps to make the uploaded files secure (like, changing the name of the file, changing the permissions on the file, etc). Good luck!
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I installed an Apache server and am playing around with it a bit. What I can't figure out is how to properly set permissions for this setup:
I don't want my files to be externally accessible (i.e. ./files/file1.foo) - there are many files in this directory and I don't want people to be able to read them. So far so good. chmod o+r enables reading and vice versa, in my case.
Then I have a PHP script that handles sessions with each user, who owns one of the files and should be able to view it, but only it, not the other files. Let's say the file is a picture. I would write <?php ... echo "<img src=\"files/file5.foo\"> ?> to show this file. But that wouldn't work, because the PHP doesn't have permissions to the file either.
What is the way to handle this?
For those requirements the best solution is to store the protected files outside of the public HTML and use a PHP script to serve them. The PHP can then check if the current user should be allowed to access the requested file or not.
Have a look at this example. For inline images, don't set the file transfer headers, just output the content (you can still output a content-type header but that isn't needed).
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
This question is directly related to a previous question of mine :
php files are downloaded instead of ran
But I have narrowed down the problem so that answering one question technically answers both.
I have made many changes to .htaccess in a certain directory above the root. We'll just call it /dir. Somewhere along the way, I made a change that broke the way php runs files. My overall goal is to get php to run .php files again; however my question is about resetting the .htaccess for /dir. I created php files in the directory before /dir (previous/dir) and they run fine, so I just need to reset whatever changes are being held onto for that directory.
How can I clear all .htaccess for that directory.
Keep in mind, I have cleared the .htaccess file already. Whatever changes happened are being stored somewhere in apache that I can't get to. I just want to reset them and go back to where php was working in that directory.
Thanks.
The problem was that the original .htaccess had changed permissions to the directory because of password protecting. After I deleted the .htaccess file and the pwd, the permissions were still altered. After fixing the permissions I was easily able to fix everything.