Login    Register

Install laravel outside the website root

Doptor Development related discuss here.
  • Author

Install laravel outside the website root

Postby Bielco » Sun Apr 20, 2014 6:00 am

I must say i really like this CMS, but it scares the hell out of me that all the files are just dumped into the webroot. To be sure i am not paranoid i searched on google on this subject, and one article on Stack Overflow catched my attention. The arguments go like this...

Using .htaccess adds overhead since Apache has another item it needs to check for and process.
Keeping files out of web root isn't being paranoid, it's good practice. What happens if someone accesses one of the "include" files directly and it throws out revealing errors because all the pre-requisite files weren't loaded?
Each file needs to have it's own security checks to make sure it is running under the expected environment. Each executable file in a web accessible area is a potential security hole.

That being said i would really like to see the source moving outside the website root. The only thing that should be in the webroot are css, images and javascript, because they need to be accessible directly. All the rest should be outside the webroot so direct acces is not possible in any circumstances.
Wordpress - Laravel - Doptor CMS Hosting at webdesignbyorder.com
User avatar
Posts: 24
Joined: Sat Apr 19, 2014 8:37 pm
Location: The Netherlands

Re: Install laravel outside the website root

Postby andrew » Tue May 06, 2014 10:44 am

Posts: 32
Joined: Tue Apr 15, 2014 4:23 pm

Return to Doptor Development Forums

Who is online

Users browsing this forum: No registered users and 0 guests