You need to be more specific with your question. CakePHP isn't much different to dropping in phpBB or something, with respect to security (sort of).
You follow the same basic rules: Cake sure only the appropriate files and directories are writable (/app/tmp/*), and that's it. Not much difference. The section on httd.conf simply controls where the browser goes to when you type in yousite.com/cakeproject/. Ideally, it should go to /app/webroot/. Even without HTTD access, most shared hosts that allow multiple domains have some method of mapping (at least the add-ons domains. Hostmonster doesn't allow you to move the main domain location). For hosts that don't allow this, CakePHP includes the .htaccess rewrites. These basically forwards the browser to the webroot folder. So, there's not much else to consider when thinking about a shared hosts. A lot of stuff is already locked down, a lot of permissions are already set so that only apache can access certain things. The real security issues come into play when you're running your own server and you have to control all these things manually. On Fri, Feb 15, 2008 at 2:45 AM, domeng <[EMAIL PROTECTED]> wrote: > > Hi! I'm developing a cake app that will be served on shared webhosting > (hostmonster). I've read the manual for installation but the > Production and Advanced installation notes discussed instructions for > somebody with access on httpd config. How can I have a secure > installation of cake on a shared web hosting account? What are the > things that I need to consider? Thank you very much and happy baking > to everyone! > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
