is it reasonably safe to store files under web root?

scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

is it reasonably safe to store files under web root?

Post by scarface222 »

The title speaks for itself... can I store files in a subdirectory in my public folder and feel safe?
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Re: is it reasonably safe to store files under web root?

Post by alex.barylski »

Define safe...depends on your setup.

Are the files for private eyes only? If that is the case and you're on a shared server, you're probably best keeping those files in a MySQL server. If you are running a dedicated server, you could probably get away with keeping the files on the file system, but outside docroot. Lastly (alternatively) you could password protect the directories that contain sensitive files... personally I dislike this technique as it's entirely dependent on Apache being configured properly.

Using a database is probably the safest all-round solution, using a proxy script to fetch the contents and return the file to the requester.

Cheers,
Alex
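
The proxy-script approach from the reply above, as an added example (not code posted by anyone in this thread). It uses the file-system-outside-docroot variant rather than a database; the script name, the `file` parameter and both directory paths are assumptions.

```php
<?php
// serve.php (hypothetical name): proxy script for files kept outside the docroot.
// Assumed layout: /var/www/public_html is the web root, /var/www/private_files is not.
declare(strict_types=1);

const STORAGE_DIR = '/var/www/private_files';    // assumption: not reachable by URL
const ALLOWED_TYPES = [                           // extension => Content-Type sent
    'mp3' => 'audio/mpeg',
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
];

/** Map a requested name to a real file inside $baseDir, or null to refuse. */
function resolveStoredFile(string $requested, string $baseDir): ?string
{
    // basename() drops any directory part, so "../../etc/passwd" becomes "passwd".
    $name = basename($requested);
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($name === '' || $base === false || $path === false || !is_file($path)) {
        return null;
    }
    // realpath() follows symlinks, so re-check that the target is still under
    // the storage directory and still has an allowed extension.
    $prefix = $base . DIRECTORY_SEPARATOR;
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !isset(ALLOWED_TYPES[$ext])) {
        return null;
    }
    return $path;
}

// A login or ownership check for private files would go here, before any read.
$path = resolveStoredFile((string)($_GET['file'] ?? ''), STORAGE_DIR);
if ($path === null) {
    http_response_code(404);                      // same answer for every refusal
    exit;
}

$ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
header('Content-Type: ' . ALLOWED_TYPES[$ext]);   // type comes from the allowlist
header('Content-Length: ' . (string)filesize($path));
header('X-Content-Type-Options: nosniff');        // browser must not guess a type
readfile($path);                                  // stream bytes; never include() them
```

Because the stored files are only ever read with `readfile()`, an uploaded file that contains PHP code is sent as data and is never executed by the web server.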
scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

Re: is it reasonably safe to store files under web root?

Post by scarface222 »

Hey, thanks for your reply, Alex. I am on a virtual private network on a remote server and this is my first website, so I am always learning. I am storing mp3s and images that the users upload, so they are frequently read and are not exactly sensitive information. I have them in a usercontent folder within the publichtml folder (web root), since I did not think it was possible, based on information I had seen, to access these files outside the web root. What is your opinion on the situation?