• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Codeigniter 4 security and best practices on live

#1
Hi, I've went through the tutorial once more, but I still have the following issues with my project that bothers me:
1., the full file system is visible if I navigate to the root on my live server **REDACTED** which is disturbing since anyone will access anything stored there including keys and such. Thank God the app folder is not visible. I'd like not only to hide but make anything that's not in the routes to be inaccessible to users.
2., I could find ways to change the main controller's route for earlier versions of CI but not for CI4. Also I have read something that this is not to be modified due to the above file protection. So once I have uploaded my project to the live host, how can I setup the site to open the / listed in the routes without using the public/index.php/ url?

I have read that one has to modify the application root, but where is that in the project, so that the live host knows what to do with the site?

Thank you, have a great day!
Reply

#2
You need to map your server so that the DOCUMENT_ROOT for your roject is its public folder. Then everything else is hidden.
Reply

#3
(11-04-2019, 05:56 AM)ciadmin Wrote: You need to map your server so that the DOCUMENT_ROOT for your roject is its public folder. Then everything else is hidden.
Hi, yes, I saw this message from you many times,  but never found this var, that is why I asked you, where is this set up?
Reply

#4
The "document root" is a server term, and not configured inside your app.
With Apache, a common pracice is to setup a virtual host element for your app, eg DocumentRoot "/pub7/htdocs/course-hub/public"

I have seen some clever .htaccess rulesets to achieve this too, but they strike me as more complicated than the virtual host approach.
Reply

#5
I meant I would like to set tis up on 000webhost first, to see it working as I expect it, securely, not showing all my directory and sensitive files before I put out a full serious application to a paid server. Do you think I have any options to set this other than their default server settings? I have never used a paid live server before, I can't tell what options you should have there. Thanks.
Reply

#6
It looks like they use cpanel, and I know that the document root for subdomains and addon domains can be set to the public folder of a project. I do recall a problem with the main domain - once its document root was set to public_html (for instance) I could not change it.

Have you asked their help desk about what you are tying to do?
Reply

#7
I've found a solution using this: https://www.000webhost.com/forum/t/deplo...ite/127323
I've deleted the public_html folder, uploaded my ci4 project to the root, renamed public to public_html, and looks like it's working fine. Now I need to add my domain to it.
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.