Posted on: 11/09/06 04:27am
By: 1000ideen
The instructions of Geeklog say that the Geeklog system has to be stored above public_html. This is a problem for many users as many webspaces don't allow access to it.
I couldn't do that on any of my Confixx webspaces which I had with many providers. The only one where I was allowed to do that was an American cpanel powered webspace.
Well, all these webspaces ( Confixx and cpanel ) had one thing in common, they had a "files" subdirectory which was fully accessible through ftp.
root/public_html
root/files
So my suggestion would be to change the general instructions for Geeklog to install the system like that:
root/files/geeklog/ here all the system
It would make the whole installation also more orderly and it becomes easier to install other systems parallel to Geeklog.
BTW I quite like the way Wordpress does it. They have "wp-" in front of every file below /public_html/ and every subdirectory. So there is no collision with a possibly existing directory like /images or like /admin
I don't know how other providers are or the new Plesk etc.
The file structure of geeklog
Posted on: 11/09/06 08:02am
By: 1000ideen
Just one more thought on that:
Dirk said in another thread that it is mainly the backup files which need to be in an extra safe place. So maybe Geeklog's way of installation should change completely to /public_html and there should be another handling of backup files?
Again a comparison with Wordpress:
There is a backup plugin delivered with WP and you can choose the tables to be saved and you have 3 choices where the backup will be put: A) on the webspace B) download C) send me an email with it.
The funny thing is when you choose A it tells you after a while it finished the backup and displays a link to download. When you decide to download (actually this would rather have been choice B, but the system is clever, it knows choice A is unsafe) then the backup file on the webspace is being deleted automatically after the download.
I really like the way it works and it makes the backing up pretty safe and a matter of routine. Would be nice though if it had a timer.
Posted on: 11/09/06 09:02am
By: jmucchiello
[QUOTE BY= 1000ideen]Well, all these webspaces ( Confixx and cpanel ) had one thing in common, they had a "files" subdirectory which was fully accessible through ftp.
root/public_html
root/files
[/QUOTE]
Except that I've been to providers where this was not the case. I'm wondering if it's possible to include a script in public_html that would set up the paths based on where it found stuff and based on what directories it could write to. Only real problem would be those places that cut off scripts after a certain amount of time. On success the script would redirect to public_html/admin/install/install.php
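The probing idea from the post above, as an added example that is not part of the thread or of Geeklog's installer: it tests a short fixed list of candidate directories instead of scanning the disk, so it stays within a host's script time limit. The candidate names and the demo layout are assumptions.

```php
<?php
// Added example, not Geeklog code. Directory names follow this thread
// (public_html, files, gl-system, geeklog); the layout is constructed.

/** True if $path is $root itself or lies underneath it. */
function isInside(string $path, string $root): bool
{
    $path = rtrim($path, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $root, strlen($root)) === 0;
}

/** First candidate that exists, is writable and is outside the webroot. */
function findPrivateDir(string $webroot, array $candidates): ?string
{
    $webroot = realpath($webroot);
    if ($webroot === false) {
        return null;
    }
    foreach ($candidates as $dir) {
        $real = realpath($dir); // resolves ../ and symlinks
        if ($real === false || !is_dir($real) || !is_writable($real)) {
            continue;
        }
        if (isInside($real, $webroot)) {
            continue; // reachable by URL, so not a private location
        }
        return $real;
    }
    return null;
}

// Constructed demo layout: root/public_html and root/files.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gl_probe_' . getmypid();
mkdir("$root/public_html/gl-system", 0700, true);
mkdir("$root/files", 0700, true);

$found = findPrivateDir("$root/public_html", [
    "$root/public_html/gl-system", // inside the webroot: skipped
    "$root/geeklog",               // does not exist: skipped
    "$root/public_html/../files",  // sibling of the webroot: accepted
]);
echo $found === null ? "no private directory found\n" : "system path: $found\n";
```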
Posted on: 11/09/06 09:22am
By: 1000ideen
If I understand right, then it is only a matter of finding a safe place for the backup file. The rest of GL could all be below /public_html/.
So this sensing 'where can I write' could be done by the backup function. Save file above /public_html/ (if writable) or save it in an arbitrary subdir below /public_html/.
All in all it would make the installation of GL a more usual process, not to speak of the installation of plugins...
Posted on: 11/09/06 12:24pm
By: Blaine
It's far more than just the backup files - it's all the files that are not in the distribution public_html folder that should be outside of the webroot. Any file that is located in the webroot folder - where your site URL points to - is accessible directly by a URL and some hacker could read it.
If your site config.php is in your webroot then this is not good and why GL supports and recommends it be placed outside the webroot. Additionally all core libraries are recommended to be placed outside the webroot and this prevents any hacker from being able to access them and potentially modify code.
Any file outside of the webroot is not accessible to a hacker via the internet directly. Only files (scripts, images etc) that need to be accessed by a URL need to be and should be in your webroot folder.
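An added check for the point made in the post above (example code, not Geeklog's own): it walks a webroot and lists files whose names match ones that should live outside it. `config.php` comes from the post; the `*.sql` and `*.bak` backup patterns and the sample tree are assumptions.

```php
<?php
// Added example, not Geeklog code. The patterns are assumptions: config.php
// is named in the post; *.sql and *.bak stand in for backup files.

/** Return webroot-relative paths of files whose name matches any pattern. */
function findExposed(string $webroot, array $patterns): array
{
    $webroot = rtrim($webroot, '/\\');
    $hits = [];
    $walker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($webroot, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($walker as $file) {
        if (!$file->isFile()) {
            continue;
        }
        foreach ($patterns as $pattern) {
            if (fnmatch($pattern, $file->getFilename())) {
                // Anything listed here can be requested by URL.
                $hits[] = substr($file->getPathname(), strlen($webroot) + 1);
                break;
            }
        }
    }
    sort($hits);
    return $hits;
}

// Constructed sample tree in the temp dir.
$webroot = sys_get_temp_dir() . '/gl_audit_' . getmypid() . '/public_html';
mkdir("$webroot/backups", 0700, true);
foreach (['index.php', 'config.php', 'backups/geeklog_db.sql'] as $name) {
    file_put_contents("$webroot/$name", '');
}

foreach (findExposed($webroot, ['config.php', '*.sql', '*.bak']) as $path) {
    echo "inside webroot: $path\n";
}
```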
Posted on: 11/09/06 02:46pm
By: jmucchiello
Theoretically all the template files should also be outside the webroot but that would make theme maintenance difficult at best. Granted this data can be retrieved from the public sources, but should users be able to grab your *.thtml files? Perhaps I should modify my .htaccess file....
Personally, most of the contents of the existing public_html files should be functions in the hidden area. Any functions in those files should be in the system directory hidden away in a library file. Though, I'm not so paranoid that I would say do something like this:
// begin file public_html/index.php:
<?php include '../hidden/index.php'; ?>
// end file
Posted on: 11/09/06 03:18pm
By: 1000ideen
I understand that files are potentially more secure if they are not accessible at all. Security is a big topic with Geeklog.
On the other hand, the more unusual Geeklog is, the more it will deter possible users. And if a first install is already a problem... I don't know what is worse.
Wouldn't it be o.k. to put a .htaccess over a subdir below public_html?
/public_html/gl-system/ here all the important files
Posted on: 11/09/06 04:46pm
By: Blaine
Well, not all users host with apache. I have many clients running IIS so requiring all sites to use a .htaccess is not the way to go for a standard distribution. GL supports any webserver the way we have it.
Certainly there are other ways to secure your site and knowledgeable users can easily modify to meet their needs - we do not force one way only.
Posted on: 11/09/06 05:29pm
By: 1000ideen
A good hint. I see that the given structure makes much sense.