[development] let's cleanup /misc
Darrel O'Pry
dopry at thing.net
Thu Jan 5 19:16:36 UTC 2006
On Thu, 2006-01-05 at 13:29 -0500, Khalid B wrote:
> > 1. Security. Separate public files from non-public files and make it
> > easy to move all non-public files out of the document root.
>
> That is a good idea, and I think this is what Ted (ma3verik) was
> saying all along.
>
> This makes part of Drupal live above DocumentRoot, mainly code
> (includes, modules), as well as configuration (settings.php). CSS
> stuff has to be under DocumentRoot still.
>
> There will be implications if we take this too far though, for
> example, if a module has .css files in it, then do we separate the
> .module from .css in different directories? This would then make
> installation a pain since files have to be copied elsewhere.
ok... I'll conceed on the file system security for settings.php and the
like...
just to propose one filstructure that isn't too massive of a move
around...
1) move settings outside of doc root, since it is probably the only file
that represents a real security risk if it is compromised...
~/drupal-private/default/settings.php
~/drupal-private/example.com/settings.php
2) move everything under drupal folder so sites, modules, etc can exist
as they are, leaving index.php in the doc root.
~/public_html/drupal/
More information about the development
mailing list