On Fri, May 31, 2013 at 12:25 AM, Dan Egli <[email protected]> wrote:
> And I'm confused about the idea of writing outside of webroot. My > understanding of webroot is that it's simply where Apache looks for files > that are not part of any separate dedicated path, and beyond that have no > effect. If someone managed to break into a shell from Apache, wouldn't they > still see the normal root file system? Unless it was chrooted of course. > But that would mean, I think, that I'd have to store the files inside the > chroot jail. After all, PHP is being called by Apache, so wouldn't it > inherit Apache's chroot? > Yes. But having the files outside of the webroot is a simple way to prevent people from accessing the file directly from a browser ( http://yoursite.com/actual/path/to/file.zip). David Landry /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
