Cool. As I poked around all the docs seemed to be for Drupal 4.6/4.7 with nothing about 5.0
Am I to follow similar installs as with Drupal 4.7?
DrewB
Joined: 2007-03-09
Posts: 3
Posted: Fri, 2007-03-09 13:01
I'm about to do a new install of Drupal 5.1 and Gallery 2.1.2. In the Gallery docs it says to put the Gallery data folder outside the root of the Gallery install. It also says to put the Gallery data folder outside the root webserver folder.
For now I'm running on a Linux shared host (may move to dedicated/virtual dedicated at some point).
I am not sure if I should put the Gallery installation inside the Drupal folder (a) or if I should put them side by side (b).
Any advice, links, etc... very welcome since I'd rather learn from others before I make mistakes.
TIA
valiant
Joined: 2003-01-04
Posts: 32509
Posted: Fri, 2007-03-09 14:05
both is fine. on gallery.menalto.com, we have gallery2 in the document root.
but the document root is drupal's root folder. drupal is not a sub-directory of the document root. usually, you don't put drupal in a sub-folder.
I have a test site with drupal at the web site's root and gallery2 within that, and have played a little with it, but wanted to check before I invested too much time in it and found I did something insecure.
It also seems like some folks like to do version testing first and keep the installs in separate folders at the web site's root, so I was wondering if that was a good idea. But I'd rather not make things more complicated than I need to.
It also seems to me I read someplace in the G2 docs to have the gallery2 data folder outside of the web site's root folder, similar to example "a".
Ark
Joined: 2007-03-10
Posts: 4
Posted: Sat, 2007-03-10 16:06
DrewB wrote:
I have a test site with drupal at the web site's root and gallery2 within that, and have played a little with it, but wanted to check before I invested too much time in it and found I did something insecure.
Drupal's Gallery Module actually requires you to set up Gallery within Drupal.
Quote:
It also seems like some folks like to do version testing first and keep the installs in separate folders at the web site's root, so I was wondering if that was a good idea.
There's nothing wrong with testing as such, but if "keep" means you'll want unused installs to remain on the server after testing, you are setting yourself up for a potential security issue as you probably won't remember to keep them patched against any vulnerabilities that may emerge.
Quote:
It also seems to me I read someplace in the G2 docs to have the gallery2 data folder outside of the web site's root folder, similar to example "a".
The location of your data folder is likely to be a very minor security issue.
DrewB
Joined: 2007-03-09
Posts: 3
Posted: Sat, 2007-03-10 18:55
Quote:
if "keep" means you'll want unused installs to remain on the server after testing
No. Mainly the impression I got was that one was live and the other was for testing. Once the new version proved itself, one would just point the server at the new install, change the db configs etc... I too would not recommend leaving old scripts on the server. Thanks for the advice.
Quote:
The location of your data folder is likely to be a very minor security issue.
Ok. But I'm still confused. I just did another install of Gallery 2.1.2 yesterday and noted during the install process it said it's best to locate the G2data folder outside of a place that's web accessible (I can't recall the exact wording). I'm guessing this is not really a matter of security of one's server, but security of one's assets.
So it seems the installer is recommending something like "a" above. Um, which I haven't done. My install is more like this:
/htdocs/g2data/
/htdocs/Drupal51 files at web server root
/htdocs/Gallery2/ (as a self contained folder inside drupal install)
I'm guessing someone can still slurp down all my assets by hitting the server in every which way, even if the G2data folder is outside of the web server root folder, so am not really sure of the benefits.
Is the difference that it's easier for someone anonymous to download all my assets when I have my G2data folder within my web root folder (as I've done), verses example "a" above?
Thanks, Drew.
Ark
Joined: 2007-03-10
Posts: 4
Posted: Sat, 2007-03-10 20:55
DrewB wrote:
I'm guessing someone can still slurp down all my assets by hitting the server in every which way, even if the G2data folder is outside of the web server root folder, so am not really sure of the benefits.
Okay. If something is below the Web root, it isn't "outside".
Let me explain. On a Web server, the path to the Web root might typically be something like this:
/usr/home/drew/public_html
Your Web root seems to be called "htdocs" rather than "public_html", which is fine. The whole point of having a Web root directory is that anything placed within it, or placed within any of its sub-directories, is supposed to be accessible on the Web.
By contrast, if you could create a directory such as:
/usr/home/drew/storage
And keep your G2 data there, that would be "outside" the Web root and therefore more "secure".
If you're on a shared server, you may or may not have permission to do that, however.
Posts: 32509
this very website is running drupal 5 with g2.2.
--------------
Doumentation: Support / Troubleshooting | Installation, Upgrade, Configuration and Usage
Posts: 6
Cool. As I poked around all the docs seemed to be for Drupal 4.6/4.7 with nothing about 5.0
Am I to follow similar installs as with Drupal 4.7?
Posts: 3
I'm about to do a new install of Drupal 5.1 and Gallery 2.1.2. In the Gallery docs it says to put the Gallery data folder outside the root of the Gallery install. It also says to put the Gallery data folder outside the root webserver folder.
For now I'm running on a Linux shared host (may move to dedicated/virtual dedicated at some point).
I am not sure if I should put the Gallery installation inside the Drupal folder (a) or if I should put them side by side (b).
a?
/htdocs/gallerdata/
/htdocs/drupal51/
/htdocs/drupal51/gallery2/
or
b?
/htdocs/gallerdata/
/htdocs/drupal51/
/htdocs/gallery2/
Any advice, links, etc... very welcome since I'd rather learn from others before I make mistakes.
TIA
Posts: 32509
both is fine. on gallery.menalto.com, we have gallery2 in the document root.
but the document root is drupal's root folder. drupal is not a sub-directory of the document root. usually, you don't put drupal in a sub-folder.
--------------
Doumentation: Support / Troubleshooting | Installation, Upgrade, Configuration and Usage
Posts: 3
Thanks valiant for your quick reply.
I have a test site with drupal at the web site's root and gallery2 within that, and have played a little with it, but wanted to check before I invested too much time in it and found I did something insecure.
It also seems like some folks like to do version testing first and keep the installs in separate folders at the web site's root, so I was wondering if that was a good idea. But I'd rather not make things more complicated than I need to.
It also seems to me I read someplace in the G2 docs to have the gallery2 data folder outside of the web site's root folder, similar to example "a".
Posts: 4
Drupal's Gallery Module actually requires you to set up Gallery within Drupal.
There's nothing wrong with testing as such, but if "keep" means you'll want unused installs to remain on the server after testing, you are setting yourself up for a potential security issue as you probably won't remember to keep them patched against any vulnerabilities that may emerge.
The location of your data folder is likely to be a very minor security issue.
Posts: 3
No. Mainly the impression I got was that one was live and the other was for testing. Once the new version proved itself, one would just point the server at the new install, change the db configs etc... I too would not recommend leaving old scripts on the server. Thanks for the advice.
Ok. But I'm still confused. I just did another install of Gallery 2.1.2 yesterday and noted during the install process it said it's best to locate the G2data folder outside of a place that's web accessible (I can't recall the exact wording). I'm guessing this is not really a matter of security of one's server, but security of one's assets.
So it seems the installer is recommending something like "a" above. Um, which I haven't done. My install is more like this:
/htdocs/g2data/
/htdocs/Drupal51 files at web server root
/htdocs/Gallery2/ (as a self contained folder inside drupal install)
I'm guessing someone can still slurp down all my assets by hitting the server in every which way, even if the G2data folder is outside of the web server root folder, so am not really sure of the benefits.
Is the difference that it's easier for someone anonymous to download all my assets when I have my G2data folder within my web root folder (as I've done), verses example "a" above?
Thanks, Drew.
Posts: 4
Okay. If something is below the Web root, it isn't "outside".
Let me explain. On a Web server, the path to the Web root might typically be something like this:
/usr/home/drew/public_html
Your Web root seems to be called "htdocs" rather than "public_html", which is fine. The whole point of having a Web root directory is that anything placed within it, or placed within any of its sub-directories, is supposed to be accessible on the Web.
By contrast, if you could create a directory such as:
/usr/home/drew/storage
And keep your G2 data there, that would be "outside" the Web root and therefore more "secure".
If you're on a shared server, you may or may not have permission to do that, however.