Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion Do you put the system folder outside of web root?
Do you put the system folder outside of web root?
  • El Forum
    Guest
  •  
#1
02-06-2009, 03:57 AM

[eluser]gh0st[/eluser]
I'm wondering, in the Zend framework you put their library folder outside of the web root, or perhaps putting it in a directory with certain htaccess rules.

I'm wondering, is it safe to put the system folder inside the web root, or are you meant to put it somewhere else?

If so, what htaccess rules are applicable to ensure security?
  • El Forum
    Guest
  •  
#2
02-06-2009, 04:49 AM

[eluser]GSV Sleeper Service[/eluser]
personally I separate out the application and system folders and put them both outside of the web root. The only thing I have in htdocs is index.php, and folders for css, images and js.

a suitable .htacces is
Code:
#send everything to index.php unless the file or folder exists in the webroot
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
  • El Forum
    Guest
  •  
#3
02-06-2009, 05:17 AM

[eluser]gh0st[/eluser]
When you don't have access to before the web root, is it okay to put it in the web root and include a .htaccess file to ensure security?
  • El Forum
    Guest
  •  
#4
02-06-2009, 06:23 AM

[eluser]cahva[/eluser]
Yes. You can simply put .htaccess file which contains this inside system folder:
Code:
deny from all
  • El Forum
    Guest
  •  
#5
02-06-2009, 08:58 AM

[eluser]gh0st[/eluser]
I'm wondering...

I can get access to one level up from the web_root.

If I put my system folder in here, what do I change the

$system_folder = "system";

to in the index.php file?

Is it the full path?

Thanks
  • El Forum
    Guest
  •  
#6
02-06-2009, 09:04 AM

[eluser]Tom Schlick[/eluser]
if you saying you can get to the folder before the webroot then it would be

$system_folder = "../system";
  • El Forum
    Guest
  •  
#7
02-06-2009, 09:10 AM

[eluser]gh0st[/eluser]
I'll try it and see what happens.

Thanks!
  • El Forum
    Guest
  •  
#8
06-15-2009, 03:39 PM

[eluser]searain[/eluser]
CI or Not, I always like to put the folders or files outside of the web root if they don't have to be in the web root.

My questions are:

1) To put system folder outside the web root is a better practice in CI? (it is the min. access rule, right?)

2) in addition to $system_folder = “../system”; what else I should do differently or I should know if I put system outside web root?

Thanks!
  • El Forum
    Guest
  •  
#9
06-15-2009, 06:30 PM

[eluser]Thorpe Obazee[/eluser]
1. for me, as long as access to the system folder is prevented via .htacess is already fine.
2. You could do the same for the application folder.
  • El Forum
    Guest
  •  
#10
06-16-2009, 01:45 AM

[eluser]cahva[/eluser]
In webroot I personally dont have anything else than:

.htaccess
index.php
assets/ (containing images,js,css etc.)

You can see from this thread how I have set up my system.




Theme © iAndrew 2016 - Forum software by © MyBB