Is it secure to keep lib files in a public directory if htaccess is redirecting everything to index.php?
Will htaccess ever fail to redirect?
Are there any loop holes that would allow you to get to the rest of the directory tree?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Is it secure to keep lib files in a public directory if htaccess is redirecting everything to index.php?
Will htaccess ever fail to redirect?
Are there any loop holes that would allow you to get to the rest of the directory tree?
.htaccess can fail if for whatever reason the webserver decides to stop parsing them. Maybe
AllowOverrideis turned on via an Apache<Directory>directive, and your website gets moved somewhere else and the<Directory>isn’t updated. So now suddenly the .htaccess is off and all files are available.If you don’t want something served up by mistake, then don’t place it within your site’s document root. PHP couldn’t care less about the webserver’s document root and can access files anywhere on the system that the web server has read permissions. So keep “important” files elsewhere, which minimizes the chances of them being served up by accident.