I wrote about this recently at http://akrabat.com/zend-framework/zend-framework-on-a-shared-host/.

我最近在http://akrabat.com/zend-framework/zend-framework-on-a-shared-host/ 上写了这个。

The basics are:

基础知识是：

Create an index.php in the root folder:

在根文件夹中创建一个 index.php：

<?php 
define('RUNNING_FROM_ROOT', true);
include 'public/index.php';

Create a .htaccess file in the root folder:

在根文件夹中创建一个 .htaccess 文件：

SetEnv APPLICATION_ENV production

RewriteEngine On
RewriteRule .* index.php 

Maybe set the APPLICATION_ENV to development whilst testing :)

也许在测试时将 APPLICATION_ENV 设置为 development :)

Be aware that when referencing static files the baseUrl() view helper now points to your root folder not your public/ folder.

请注意，在引用静态文件时，baseUrl() 视图助手现在指向您的根文件夹，而不是您的 public/ 文件夹。

You can keep the usual directory structure on shared hosting. Just change the document root with .htaccess. I do it like this when dealing with a shared hosting:

您可以在共享主机上保留通常的目录结构。只需使用 .htaccess 更改文档根目录。在处理共享主机时，我是这样做的：

RewriteEngine On

php_value upload_max_filesize 15M
php_value post_max_size 15M
php_value max_execution_time 200
php_value max_input_time 200
# Exclude some directories from URI rewriting
#RewriteRule ^(dir1|dir2|dir3) - [L]

RewriteRule ^\.htaccess$ - [F]

RewriteCond %{REQUEST_URI} =""
RewriteRule ^.*$ /public/index.php [NC,L]

RewriteCond %{REQUEST_URI} !^/public/.*$
RewriteRule ^(.*)$ /public/

RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^.*$ - [NC,L]

RewriteRule ^public/.*$ /public/index.php [NC,L]

If I add a .htaccess in the application folder with deny from all is the information secure inside the folder?

如果我在应用程序文件夹中添加一个 .htaccess 并拒绝所有人，文件夹内的信息是否安全？

It's not an ideal solution because if the provider would change the way .htaccessfiles are parsed (which they never will on a production machine, it would have to be a bad accident if that happened) but I guess it's the best you can get if there's no non-public directory.

这不是一个理想的解决方案，因为如果提供商会改变.htaccess文件的解析方式（他们永远不会在生产机器上这样做，如果发生这种情况，那将是一个严重的事故）但我想这是最好的，如果没有的话非公开目录。

If you can (I don't know whether ZF supports it), rename the xmland inifiles to .php. That way, even if the protection is removed, they would get parsed as PHP files instead of being served to the public. It's a bit paranoid but if it's doable without much hassle, not a bad idea.

如果可以（我不知道 ZF 是否支持），请将xml和ini文件重命名为.php. 这样，即使删除了保护，它们也会被解析为 PHP 文件，而不是提供给公众。这有点偏执，但如果它没有太多麻烦就可行，这不是一个坏主意。

Do you only have access to the public directory on the virtual host? Usually hosts give you access to at least one directory above that, in which case a much better solution would be to create a folder there into which you put your application. You would then symlink the public vhost directory into the public directory of your app. Failing that, you could at least keep your configuration files outside of your vhost's public directory, since you can easily tell ZF where they are located.

您是否只能访问虚拟主机上的公共目录？通常，主机允许您访问至少一个上面的目录，在这种情况下，更好的解决方案是在那里创建一个文件夹，您可以将应用程序放入其中。然后，您可以将公共 vhost 目录符号链接到您的应用程序的公共目录中。否则，您至少可以将配置文件保存在 vhost 的公共目录之外，因为您可以轻松地告诉 ZF 它们所在的位置。

If you absolutely can't do either of these things then you will have to use a file structure like the one you suggested. Assuming your sensitive ini/XML files are for use with Zend_Config, the component also supports PHP arrays for configuration (see example #1 at http://framework.zend.com/manual/en/zend.config.introduction.html). This would be a slightly more secure option for you, as on the off chance your htaccess file wasn't working, your sensitive data wouldn't be viewable as long as PHP files were still being parsed as PHP.

如果您绝对不能做这些事情中的任何一件，那么您将不得不使用您建议的文件结构。假设您的敏感 ini/XML 文件用于 Zend_Config，该组件还支持 PHP 数组进行配置（参见http://framework.zend.com/manual/en/zend.config.introduction.html 上的示例 #1 ）。这对您来说是一个稍微更安全的选择，因为如果您的 htaccess 文件不起作用，只要 PHP 文件仍被解析为 PHP，您的敏感数据就不会被查看。