module folders in web root issues?

cmcdotcom

Joined: 2004-12-30
Posts: 5
Posted: Thu, 2004-12-30 21:03

Have you guys given any thought to being able to place folders with code in them (modules,adodb, etc.) outside of the web root. I can't think of anything super dangerous about it at the moment, but it always gives me a funny feeling to have readable code sitting in the web root.

 
valiant

Joined: 2003-01-04
Posts: 32509
Posted: Thu, 2004-12-30 22:21

1. As long as this code doesn't do anything if accessed directly, there's no reason to have a funny feeling (there are no scripts in G2, just main.php is a script, the rest are files that have classes or functions)

2. There are plans, or maybe just ideas, to have a second modules folder in the g2data folder (which can be outside the web root), to install things directly from the internet.

 
bharat
bharat's picture

Joined: 2002-05-21
Posts: 7994
Posted: Sat, 2005-01-01 06:05

Remember also that all of this code is freely available on the web, like here. Anybody who wants to see it can see it. If you plan on making a lot of changes to the code, I can understand your wanting to keep it inaccessible. In that case, you can create a .htaccess filter to deny access to any file that ends in .inc or .class and you'll probably be secure.