stackoom
  简体   繁体   中英

Why are CodeIgniter application files in the public_html folder?

 原文  2009-11-30 21:17:47       php/ security/ apache/ codeigniter

Question

Isn't having all of the files in public view a bad thing?

Surely things such as /system/application/config/database.php should not be publicly visible!

6 answers

solution1
 26 ACCPTED  2009-11-30 21:35:18

The developers of CodeIgniter, EllisLabs, have set up the framework in this way for ease of use. It means that people wishing to try out the framework don't have to fiddle with any permissions settings on their server.

Of course on a production server, you are absolutely right, putting your PHP files in the public HTML folder is not a good idea.

A better way to organise your folders would be:

  • root
    • code_igniter
      • application_folder
        • config
        • controllers
        • models
        • ...
      • system_folder
    • public_html
      • css
      • js
      • images index.php .htaccess

The only other change to be made here would be to change line 26 of index.php to read: 

$system_folder = "../../code_igniter/system-folder";

solution2
 6  2009-11-30 21:42:12

You can add the following rule to your .htaccess file to further protect the system and application directories from being viewed (sends a 403 Forbidden error): 

# Protect application and system files from being viewed
RewriteRule ^(application|system) - [F,L]

solution3
 2  2012-05-10 16:31:34

With this structure: 

/application
/system
/public
   index.php

You can change in public/index.php these two settings and you are done 

$application_folder = '../application';
$system_path = '../system';

solution4
 1  2013-03-13 13:28:29

Jon Winstanley's answer is perfect, also don't forget to secure file uploads folder, if you have one. I did that by also moving it outside public root, and get the images using below code: 

<?php
// $details = getimagesize($_GET["path"] . '/' .  $_GET["image"]);
$details = getimagesize($_GET["path"] .  strip_tags($_GET["image"]));
header ('Content-Type: ' . $details['mime']);
readfile($_GET["path"] . strip_tags($_GET["image"]));
exit;
?>

solution5
 0  2009-11-30 21:36:09

Accessing the files within /system/ from a browser will not reveal any sensitive information, because the PHP will be parsed and nothing is output from those files (CI system files may even check to see if a variable has been defined that indicates the file wasn't accessed directly).

That being said, however, you should probably install your entire system folder above web root anyway.

solution6
 0  2009-11-30 21:38:30

You can always place the system directory outside the public directory. Don't forget to update paths inside the the front controller (index.php).

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question access files outside public_html folder Ensuring security of files in folder on public_html Why should I not put my PHP files in the public_html folder? Protecting folder in public_html Placing the PHP application folder above public_html Create folder outside public_html to upload files Deploy PHP Files with Capistrano 3 to public_html instead of releases folder How to access files in public_html through the subdomain folder .htaccess pointing public_html to public_html/folder/ - Not Redirecting How to upload image from subdomain folder to folder inside public_html using codeigniter file upload?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM