Page 1 of 1

Keeping files out of docroot

Posted: Mon Feb 05, 2007 11:12 pm
by alex.barylski
Most would agree that this is safest best, but is it really that much better than a system that uses .htaccess, either passwords or mod_rewrite or similar?

So long as Apache is configured properly...wouldn't the latter be just as good?

Cheers :)

Posted: Tue Feb 06, 2007 2:15 am
by Kieran Huggins
it doesn't seem to make a huge difference, but keeping some stuff outside your docroot will keep it from colliding with a changing directory structure. OK.. kind of a weak argument...

I guess my actual opinion is: meh.

Posted: Tue Feb 06, 2007 5:38 pm
by Ambush Commander
Well, it is all about whether or not Apache is configured properly: someone might accidentally nuke the configuration and expose sensitive files. But yeah, theoretically speaking if Apache's not allowed to touch it, it won't.