is it reasonably safe to store files under web root?
-
scarface222
- Forum Contributor
- Posts: 354
- Joined: Thu Mar 26, 2009 8:16 pm
is it reasonably safe to store files under web root?
The title speaks for itself... can I store files in a subdirectory in my public folder and feel safe?
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: is it reasonably safe to store files under web root?
Define safe...depends on your setup.
Are the files for private eyes only? If that is the case and you're on a shared server, you're probably best keeping those files in a MySQL server. If you are running a dedicated server, you could probably get away with keeping the files on the file system, but outside docroot. Lastly (alternatively) you could password protect the directories that contain sensitive files... personally I dislike this technique as it's entirely dependent on Apache being configured properly.
Using a database is probably the safest all round solution using a proxy script to fetch the contents and return the file to the requester.
Cheers,
Alex
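The proxy-script approach from the reply above, with the files kept on the file system outside docroot, as an added example that is not part of the original thread. It is a Python WSGI handler; `STORAGE_ROOT`, the `file` query parameter and the allowed types are assumptions chosen for illustration.

```python
import mimetypes
import os
import tempfile
from urllib.parse import parse_qs

# Assumption: uploads live in a directory the web server maps to no URL.
STORAGE_ROOT = os.path.realpath(
    os.path.join(tempfile.gettempdir(), "usercontent_private"))
# Assumption: only the media types this site expects are ever served.
ALLOWED_TYPES = {"audio/mpeg", "image/jpeg", "image/png", "image/gif"}


def resolve(name, root=STORAGE_ROOT):
    """Map a requested name to a regular file inside root, else None."""
    if not name or "\x00" in name:
        return None
    root = os.path.realpath(root)
    # realpath collapses ".." segments and follows symlinks, so the
    # containment check below sees the file's true location.
    path = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, path]) != root or not os.path.isfile(path):
        return None
    return path


def app(environ, start_response):
    """WSGI proxy script: GET /download?file=<name>."""
    query = parse_qs(environ.get("QUERY_STRING", ""))
    path = resolve(query.get("file", [""])[0])
    ctype = mimetypes.guess_type(path)[0] if path else None
    if path is None or ctype not in ALLOWED_TYPES:
        # Same answer for "missing", "outside root" and "wrong type".
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    # For private files, a session/ownership check would go here.
    start_response("200 OK", [
        ("Content-Type", ctype),
        ("Content-Length", str(os.path.getsize(path))),
        ("X-Content-Type-Options", "nosniff"),
    ])
    with open(path, "rb") as fh:
        return [fh.read()]
```

Because the storage directory has no URL of its own, an uploaded script can never be requested and executed directly; it can only be returned as bytes through the handler, and only if its type is on the allow-list.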
-
scarface222
- Forum Contributor
- Posts: 354
- Joined: Thu Mar 26, 2009 8:16 pm
Re: is it reasonably safe to store files under web root?
Hey, thanks for your reply, Alex. I am on a virtual private network on a remote server and this is my first website, so I am always learning. I am storing mp3s and images that the users upload, so they are frequently read and are not exactly sensitive information. I have them in a usercontent folder within the publichtml folder (web root) since I did not think it was possible, based on information I had seen, to access these files outside the web root. What is your opinion on the situation?