Geeklog Forums

I just installed Geeklog for the first time. After unpacking the taz.gz file I put the contents on the web server and didn't move anything. The only files I altered were the config.php and lib-common.php like it said to do in the installation instructions.

I put the files in the highest/default directory of my web hosting account. The directory has other files for my domains and email in it. Do I still need to password protect files that aren't in my public_html folder?

(I feel dumb asking this... please explain more about reasoning behind password-protecting directories.)

If there's a URL that you can type into your browser to get to those files, then you should password-protect that directory. If they're located in a place that does not have a URL, then you don't need to do that.

The stuff outside of public_html contains several sensitive files and directories. One, for example, is the "backups" directory, where your database backups will be located. You obviously don't want any random visitor to be able to download those ...

For the other files, it's more of an extra precaution. I've seen cases of misconfigured servers that printed out the contents of .php files. Now imagine that would happen with your config.php ...

bye, Dirk