Yeah I've seen what not having a protected project tree does to web
applications. I've worked for companies with sites that are full of
security holes on many ends, because the previous developers put
EVERYTHING in the htdocs directory. Any projects I start have this
structure or something very similar, sometimes a conf directory where
I put my configuration files. Sometimes an alias directory where I
put other directories that are Aliases in the web path. I try to be
smart about giving hackers/script kiddies as little access to my
application as possible.
As for where I call my classes, usually at the top of the page where
they will be instantiated, unless they are common to all pages, then
they go in an initialization.inc.php file in the include directory
that is called from the config.ini.php file.
require(SITEBASE.'/include/initialization.inc.php');
James
On Apr 25, 2007, at 11:08 AM, Shaun Rowe wrote:
James Andrews wrote:
My project directory structures are usually something like this
/pathtoproject/htdocs <- actual htdocs directory
/pathtoproject/classes <-- class files I created that aren't in a library
/pathtoproject/lib <-- libraries and frameworks (usually my own, sometimes 3rd party)
/pathtoproject/include <-- functions that are not OOP oriented and need somewhere to live
/pathtoproject/sql <-- sql scripts to create the database structure.
I create a config.inc.php file in the htdocs directory that
defines the SITEBASE constant as
define("SITEBASE",realpath(dirname(__FILE__).'/..'));
Then in all files in the htdocs I
require_once($_SERVER['DOCUMENT_ROOT'].'/config.inc.php');
If I need a class it's as simple as calling
require_once(SITEBASE.'/classes//MyClass.class.php');
Now all my files except what needs to be in the htdocs are safely
kept outside of the document root where they can't easily be
attacked.
James
That's a much better answer than mine! :)
Shaun
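
The SITEBASE layout described in this thread, carried one step further as an added example (not code from either poster): a class loader that only ever reads from SITEBASE/classes. The helper class_file(), the Secret class and the temporary project tree are hypothetical and constructed for the demonstration.

```php
<?php
// Constructed throwaway tree mirroring the layout in the thread.
$project = sys_get_temp_dir() . '/pathtoproject_' . uniqid();
mkdir("$project/htdocs", 0700, true);
mkdir("$project/classes", 0700, true);
file_put_contents("$project/classes/MyClass.class.php",
    "<?php class MyClass { public function hello() { return 'loaded'; } }");
// A file outside classes/ that must never be reachable through the loader.
file_put_contents("$project/Secret.class.php", "<?php class Secret {}");

// What htdocs/config.inc.php does in the thread: SITEBASE is the parent of htdocs.
define('SITEBASE', realpath("$project/htdocs/.."));

/**
 * Hypothetical helper: map a class name to SITEBASE/classes/<Name>.class.php,
 * returning null unless the resolved file really lives inside classes/.
 */
function class_file($name)
{
    // Only plain identifiers: no slashes, dots or null bytes can reach the path.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
        return null;
    }
    $base = realpath(SITEBASE . '/classes');
    $file = realpath($base . '/' . $name . '.class.php');
    // realpath() resolves symlinks and "..", so a prefix check is meaningful here.
    if ($file === false || strpos($file, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $file;
}

spl_autoload_register(function ($name) {
    $file = class_file($name);
    if ($file !== null) {
        require_once $file;
    }
});

$obj = new MyClass();                 // resolved from classes/ on first use
var_dump($obj->hello());
var_dump(class_file('../Secret'));    // name check refuses path characters
var_dump(class_exists('Secret'));     // file is outside classes/, so never loaded
```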