Welcome to Geeklog, Anonymous Tuesday, June 25 2024 @ 02:36 am EDT

Geeklog Forums

File Protection


Moon Watcher

Anonymous
I just installed Geeklog for the first time. After unpacking the taz.gz file I put the contents on the web server and didn't move anything. The only files I altered were the config.php and lib-common.php like it said to do in the installation instructions.

I put the files in the highest/default directory of my web hosting account. The directory has other files for my domains and email in it. Do I still need to password protect files that aren't in my public_html folder?

(I feel dumb asking this... please explain more about reasoning behind password-protecting directories.)
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by Moon Watcher: Do I still need to password protect files that aren't in my public_html folder?

If there's a URL that you can type into your browser to get to those files, then you should password-protect that directory. If they're located in a place that does not have a URL, then you don't need to do that.

The stuff outside of public_html contains several sensitive files and directories. One, for example, is the "backups" directory, where your database backups will be located. You obviously don't want any random visitor to be able to download those ...

For the other files, it's more of an extra precaution. I've seen cases of misconfigured servers that printed out the contents of .php files. Now imagine that would happen with your config.php ...

bye, Dirk
 Quote

All times are EDT. The time is now 02:36 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content