Security: Includes, Classes, Configs?

nickCR

Feb 5, 2010
So I have a question, which I'm sure you guys can answer.

I was taught that having your includes in /home/user/includes/ was
best practice for security reasons; however, the most popular apps on
the market come with the includes folder inside the install directory
itself, /home/user/public_html/includes/.

Which way is the best?

Which way is the most secure?

Which way is the most efficient?
 


The answer is: safer behind the public_html folder. I guess all the major PHP open source scripts come inside their folders for ease of distribution.
 
They do it for purposes of compatibility (AKA keeping their support emails to a minimum). A lot of people using shared hosting have a hard time changing server settings and getting PHP access to things outside their web root. There are ways to get it to work, but these are also usually noobs with their first hosting account as well.
 
Depends on what the files contain. Config files are definitely safest in a directory that cannot be accessed by the user running the web server process. Template files, classes and pieces of code that are just going to be shared by multiple files are fine to be put in an includes directory accessible from the outside.
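
An added example, not part of the thread or of any application mentioned in it: a `public_html/index.php` bootstrap that loads its config from one level above the web root and refuses to run if that file resolves back inside the web root. The `/home/user/...` layout follows the question; the function names and the `return [...]` config style are assumptions for illustration.

```php
<?php
// Added example. Assumed layout (hypothetical):
//   /home/user/includes/config.php    secrets, outside the web root
//   /home/user/public_html/index.php  this file

// True when $path resolves to a location inside $webRoot. realpath()
// collapses ".." and symlinks, so a link pointing back into public_html is caught.
function isInsideWebRoot(string $path, string $webRoot): bool
{
    $real = realpath($path);
    $root = realpath($webRoot);
    if ($real === false || $root === false) {
        return false; // nonexistent paths are rejected by the caller
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real . DIRECTORY_SEPARATOR, $root, strlen($root)) === 0;
}

function loadConfig(string $webRoot): array
{
    // One level above the web root, e.g. /home/user/includes/config.php
    $configFile = dirname($webRoot) . '/includes/config.php';

    // On shared hosts where open_basedir excludes this directory, is_file() fails here.
    if (!is_file($configFile) || !is_readable($configFile)) {
        throw new RuntimeException('Config file missing or unreadable');
    }
    if (isInsideWebRoot($configFile, $webRoot)) {
        throw new RuntimeException('Config file resolves inside the web root');
    }
    $config = require $configFile; // config.php is assumed to "return [ ... ];"
    if (!is_array($config)) {
        throw new RuntimeException('Config file did not return an array');
    }
    return $config;
}

try {
    $config = loadConfig(__DIR__);
} catch (RuntimeException $e) {
    // Log the detail server-side; do not echo paths or settings to the client.
    error_log($e->getMessage());
    http_response_code(500);
    exit('Configuration error');
}
```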
 
They do it for purposes of compatibility (AKA keeping their support emails to a minimum). A lot of people using shared hosting have a hard time changing server settings and getting PHP access to things outside their web root. There are ways to get it to work, but these are also usually noobs with their first hosting account as well.

Figured. Makes sense I guess if you're going to distribute your software to thousands of people/servers.

Depends on what the files contain. Config files are definitely safest in a directory that cannot be accessed by the user running the web server process. Template files, classes and pieces of code that are just going to be shared by multiple files are fine to be put in an includes directory accessible from the outside.

That makes sense, and yeah, usually the configs are the only ones that actually have the goods in them.

I don't really see any easy way to have the config behind the public directories with a mass app while keeping it simple to install, maintain, etc. For the masses it really needs to be drag and drop.

Welcome to WickedFire.