As I've been using version control more and more (and I've been using git, using my free Bitbucket Account), I've just been putting my repo at the document root of my project. But even from the first time, I have been worried about security issues with that.
Not being a h4x0r myself, I don't really know if or how this makes me more vulnerable, but certainly, if I had permissions set incorrectly, someone could probably access things in my .hg/ directory that I didn't want people to see.
Regardless, I think we can all agree that if my repo's root was one level above the document root, it would make it that much harder to access.
I started thinking about what else I could change to make things better or more secure, and this is what I came up with:
What I Did
I knew in CodeIgniter, in the main index.php file, you could set a different path for your application/ directories, so I decided to move those up one level, too, and prepend ../ to the paths in
There were very few complications from doing this. After moving the directories and editing index.php, everything worked except one place where I was saving a file to 'application/temp/file.zip', which I had to change to APPPATH . 'temp/file.zip', which is probably what I should have done in the first place.
As you know, PHP is compiled at runtime, so in 99% of the projects I work on, I don't have any real need for a build script, so I normally just sync what I have with the live server. In the past, that meant my source .js files were exposed on the server.
With the new structure, I moved my srcjs/. All I had to do to make that work was prepend public/ to a couple of variables in my config.rb and make sure CodeKit knew where I wanted my compiled (combined and minified) scripts to go.
If you're keeping track, that means that the only things in my public directory (which really could be named favicon.ico) and CodeIgniter's main
That's pretty awesome. No one has any access to any source files of any kind from the outside. It's clean, more secure, and definitely my new file structure for any new projects.
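A pre-sync check for this layout, added here as an example and not part of the original post: it walks whatever directory the web server treats as the document root and lists anything that should live one level above it. The suffix list, the sample file names and the helper names are assumptions made for the illustration.

```python
import os
import tempfile

# Directory names that belong above the document root: VCS metadata plus
# CodeIgniter's application/ and system/ directories.
FORBIDDEN_DIRS = {".git", ".hg", ".svn", "application", "system"}
# Source and build files; this suffix list is an assumption for the example.
FORBIDDEN_SUFFIXES = (".rb", ".scss", ".sass")

def audit_docroot(docroot):
    """Return relative paths under docroot that should not be web-reachable."""
    findings = []
    for current, dirs, files in os.walk(docroot):
        rel = os.path.relpath(current, docroot)
        prefix = "" if rel == "." else rel.replace(os.sep, "/") + "/"
        for name in sorted(dirs):
            if name.lower() in FORBIDDEN_DIRS:
                findings.append(prefix + name + "/")
                dirs.remove(name)  # report the tree once, do not descend into it
        for name in files:
            if name.lower().endswith(FORBIDDEN_SUFFIXES):
                findings.append(prefix + name)
    return sorted(findings)

def make_tree(root, paths):
    """Create empty files (constructed sample data) under root."""
    for path in paths:
        full = os.path.join(root, *path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()

# Constructed layouts: repo at the document root vs. a public/ subdirectory.
SHARED = [".hg/hgrc", "application/config/database.php",
          "system/core/CodeIgniter.php", "config.rb", "sass/site.scss"]
BEFORE = SHARED + ["index.php", "favicon.ico"]
AFTER = SHARED + ["public/index.php", "public/favicon.ico", "public/js/site.min.js"]

def demo():
    """Audit both sample layouts; returns (findings_before, findings_after)."""
    with tempfile.TemporaryDirectory() as tmp:
        old, new = os.path.join(tmp, "old"), os.path.join(tmp, "new")
        make_tree(old, BEFORE)
        make_tree(new, AFTER)
        return audit_docroot(old), audit_docroot(os.path.join(new, "public"))

if __name__ == "__main__":
    before, after = demo()
    print("repo at document root:", before)
    print("public/ as document root:", after)
```

Run against the real document root before each sync, an empty result means nothing from the repository or the framework directories is sitting where the web server can serve it.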