apache 为什么 CodeIgniter 应用程序文件在 public_html 文件夹中?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1822457/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Why are CodeIgniter application files in the public_html folder?
提问by Matthew
Isn't having all of the files in public view a bad thing?
将所有文件都公开不是一件坏事吗?
Surely things such as /system/application/config/database.php should not be publicly visible!
当然,诸如 /system/application/config/database.php 之类的东西不应该公开可见!
回答by Jon Winstanley
The developers of CodeIgniter, EllisLabs, have set up the framework in this way for ease of use. It means that people wishing to try out the framework don't have to fiddle with any permissions settings on their server.
CodeIgniter 的开发人员 EllisLabs 以这种方式设置了框架以方便使用。这意味着希望试用该框架的人不必摆弄他们服务器上的任何权限设置。
Of course on a production server, you are absolutely right, putting your PHP files in the public HTML folder is not a good idea.
当然,在生产服务器上,您是绝对正确的,将您的 PHP 文件放在公共 HTML 文件夹中并不是一个好主意。
A better way to organise your folders would be:
组织文件夹的更好方法是:
- root
- code_igniter
- application_folder
- config
- controllers
- models
- ...
- system_folder
- application_folder
- public_html
- css
- js
- images index.php .htaccess
- code_igniter
- 根
- 代码点火器
- 应用程序文件夹
- 配置
- 控制器
- 楷模
- ...
- 系统文件夹
- 应用程序文件夹
- public_html
- css
- js
- 图像 index.php .htaccess
- 代码点火器
The only other change to be made here would be to change line 26 of index.php to read:
此处唯一要做的其他更改是将 index.php 的第 26 行更改为:
$system_folder = "../../code_igniter/system-folder";
回答by Corey Ballou
You can add the following rule to your .htaccess file to further protect the system and application directories from being viewed (sends a 403 Forbidden error):
您可以将以下规则添加到 .htaccess 文件中,以进一步保护系统和应用程序目录不被查看(发送 403 Forbidden 错误):
# Protect application and system files from being viewed
RewriteRule ^(application|system) - [F,L]
回答by alfonsodev
With this structure:
使用这种结构:
/application
/system
/public
index.php
You can change in public/index.phpthese two settings and you are done
您可以更改public/index.php这两个设置,您就完成了
$application_folder = '../application';
$system_path = '../system';
回答by serdarsenay
Jon Winstanley's answer is perfect, also don't forget to secure file uploads folder, if you have one. I did that by also moving it outside public root, and get the images using below code:
Jon Winstanley 的回答是完美的,也不要忘记保护文件上传文件夹,如果你有的话。我通过将它移到公共根目录之外来做到这一点,并使用以下代码获取图像:
<?php
// $details = getimagesize($_GET["path"] . '/' . $_GET["image"]);
$details = getimagesize($_GET["path"] . strip_tags($_GET["image"]));
header ('Content-Type: ' . $details['mime']);
readfile($_GET["path"] . strip_tags($_GET["image"]));
exit;
?>
回答by Ty W
Accessing the files within /system/ from a browser will not reveal any sensitive information, because the PHP will be parsed and nothing is output from those files (CI system files may even check to see if a variable has been defined that indicates the file wasn't accessed directly).
从浏览器访问 /system/ 中的文件不会泄露任何敏感信息,因为 PHP 将被解析并且这些文件不会输出任何内容(CI 系统文件甚至可能会检查是否已经定义了一个变量来指示该文件是'不能直接访问)。
That being said, however, you should probably install your entire system folder above web root anyway.
话虽如此,但无论如何,您可能应该将整个系统文件夹安装在 Web 根目录之上。
回答by MiseryIndex
You can always place the system directory outside the public directory. Don't forget to update paths inside the the front controller (index.php).
您始终可以将系统目录放在公共目录之外。不要忘记更新前端控制器(index.php)内的路径。
