NYCPHP Meetup

NYPHP.org

[nycphp-talk] FUNDAMENTALS #1: Site Structure

Chris Shiflett shiflett at php.net
Thu Sep 4 11:09:29 EDT 2003


--- D C Krook <dkrook at hotmail.com> wrote:
> My vote is for a directory under the web root, since it gives
> better flexibility to deploy code from machine to machine with
> a minimum of hassle

I'd be curious to see a poll on this topic now. It seems that the majority of
people who have responded to this question consider a security risk an
acceptable price to pay for a small convenience.

I guess the answers could break down into three categories:

1. I place my includes under document root for convenience, and I'm not aware
of any problems that could cause.
2. I understand the risk in doing so, but I still place my includes under
document root.
3. I place my includes outside of document root. It is a simple task, and it is
at least more secure than doing otherwise.

I am seeing a lot of people who fit into category 2. Does the convenience
really seem worth the risk? I'm honestly curious - not trying to be a smart
ass. :-)

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/



More information about the talk mailing list