Welcome to Geeklog, Anonymous Tuesday, October 04 2022 @ 06:59 am EDT

Geeklog Forums

The file structure of geeklog


Status: offline

1000ideen

Forum User
Full Member
Registered: 08/04/03
Posts: 1298
The instructions of Geeklog say that the Geeklog system has to be stored above public_html. This is a problem for many users as many webspaces don`t allow access to it.

I couldn`t do that on any of my Confixx webspaces which I had with many providers. The only one where I was allowed to do that was an American cpanel powered webspace.

Well, all these webspaces ( Confixx and cpanel ) had one thing in common, they had a "files" subdirectory which was fully accessible through ftp.

root/public_html
root/files

So my suggestion would be to change the general instructions for Geeklog to install the system like that:

root/files/geeklog/ here all the system

It would make the whole installation also more orderly and it becomes easier to install other systems parallel to Geeklog.

BTW I quite like the way Wordpress does it. They have "wp-" in front of every file below /public_html/ and every subdirectory. So there is no collision with a possibly existing directory like /images or like /admin

I don`t know how other providers are or the new Plesk etc.
 Quote

Status: offline

1000ideen

Forum User
Full Member
Registered: 08/04/03
Posts: 1298
Just one more thought on that:

Dirk said in another thread that it is mainly the backup files which need to be in an extra safe place. So maybe Geeklog`s way of installation should change completely to /public_html and there should be another handling of backup files?

Again a comparison with Wordpress:
There is a backup plugin delivered with WP and you can chose the tables to be safed and you have 3 choices where the backup will be put. A) on the webspace Cool download C) send me an email with it.

The funny thing is when you chose A it tells you after a while it finished the backup and displays a link to download. When you decide to download (actually this would rather have been choice B but the system is clever it knows choice A in unsafe ) then the backup file on the webspace is being deleted automatically after the download.

I really like the way it works and it makes the backing up pretty safe and a matter of routine. Would be nice though if it had a timer.
 Quote

Status: offline

jmucchiello

Forum User
Full Member
Registered: 08/29/05
Posts: 985
Quote by 1000ideen:Well, all these webspaces ( Confixx and cpanel ) had one thing in common, they had a "files" subdirectory which was fully accessible through ftp.

root/public_html
root/files
Except that I've been to providers where this was not the case. I'm wondering if it's possible to include a script in public_html that would setup the paths based on where it found stuff and based on what directories it could write to. Only real problem would be those places that cut off scripts after a certain amount of time. On success the script would redirect to public_html/admin/install/install.php
 Quote

Status: offline

1000ideen

Forum User
Full Member
Registered: 08/04/03
Posts: 1298
If I understand right, then it is only a matter of finding a safe place for the backup file. The rest of GL could all be below /public_html/.

So this sensing 'where can I write' could be done by the backup function. Save file above /public_html/ (if writable) or save it in an arbitrary subdir below /public_html/.

All in all it would make the installation of GL a more usual process, not to speak of the installation of plugins...
 Quote

Status: offline

Blaine

Forum User
Moderator
Registered: 07/16/02
Posts: 1232
Location:Canada
It's far more then just the backup files - it's all the files that are not in the distribution public_html folder that should be outside of the webroot. Any file that is located in the webroot folder - where you site URL points to - is accessible directly by a URL and some hacker could read.

If your site config.php is in your webroot then this is not good and why GL supports and recommends it be placed outside the webroot. Addionally all core libraries are recommended to be placed outside the webroot and this prevents any hacker from being able to access them and potentially modify code.

Any file outside of the webroot is not accessible to a hacker via the internet directly. Only files (scripts, images etc) that need to be accessed by a URL need to be and should be in your webroot folder.
Geeklog components by PortalParts -- www.portalparts.com
 Quote

Status: offline

jmucchiello

Forum User
Full Member
Registered: 08/29/05
Posts: 985
Theoretically all the template files should also be outside the webroot but that would make theme maintenance difficult at best. Granted this data can be retrieved from the public sources, but should users be able to grab your *.thtml files? Perhaps I should modify my .htaccess file....

Personally, most of the contents of the existing public_html files should be functions in the hidden area. Any functions in those files should be in the system directory hidden away in a library file. Though, I'm not so paranoid that I would say do something like this:
Text Formatted Code
// begin file public_html/index.php:
<? include '../hidden/index.php' ?>
// end file
 
 Quote

Status: offline

1000ideen

Forum User
Full Member
Registered: 08/04/03
Posts: 1298
I understand that files are potentially more secure if they are not accessible at all. Security is a big topic with Geeklog.
On the other hand the more unusual Geeklog is the more it will deter possible users. And if a first install is already a problem... I don`t know what is worse.

Wouldn`t it be o.k. to put a .htaccess over a subdir below public_html?

/public_html/gl-system/ here all the important files
 Quote

Status: offline

Blaine

Forum User
Moderator
Registered: 07/16/02
Posts: 1232
Location:Canada
Well not all users host wth apache. I have many clients running IIS so requiring all sites to use a .htaccess is not the way to go for a standard distribution. GL supports any webserver the way we have it.

Certainly there are other ways to secure your site and knowlegeable users can easily modify to meet their needs - we do not force one way only.
Geeklog components by PortalParts -- www.portalparts.com
 Quote

Status: offline

1000ideen

Forum User
Full Member
Registered: 08/04/03
Posts: 1298
A good hint. I see that the given structure makes much sense.
 Quote

All times are EDT. The time is now 06:59 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content