I have a quick question concerning the document root directory. All my PHP files are in the directory:
/var/www/html/
However, I also have several include files containing email addresses and MySQL login info in a separate directory. I was told that this is a good way to keep this information private and secure. These files are located in the following directory:
/var/www/includes/
Is this directory considered out of the document root? Or does the document root start at the "/var/www" level?
If you're the only domain in your server , then
/var/www/html/ <-- That is your doc root.
You can easily find out what is your doc root by checking what your TLD calls.
For example:
http://www.yourdomain.com/ calls a document (ex: index.html) in /var/www/html/
Aye, that's in the document root - get outside www (public_html) to stop them pryin' eyes when things go bad.
cool. thanks. yeah, i was almost positive i knew the answer. the closer we're getting to launch, the more paranoid i'm getting. is that normal???
It's good to get paranoid around the web these days. Another thing to get paranoid about is being ready before the launch. I mean really ready. I've seen people invest a lot of money in mail shots and promotion for a launch, but not be ready when they should have been. Bang goes the promortion, and worse, all the media and suchlike that try to hit your site when it's down are left with a totally negative impression.
It is better to delay the promotion for a fortnight than have that happen. So, make sure it is ready then wait a fortnight and make sure it is still ready before you start promoting it. Get everyone you know to test the new site out, get them to hammer it and see what happens.
As to securing files and stuff from prying eyes, spend some time reading up on all the lovely things you can do with .htaccess , and implement all the security you can.
Yeah, no kidding. Who would've thought that determing something simple like how much bandwidth is needed would be such a headache.
Anyway, yeah, I guess security is my biggest concern. I've tried to read up on all the articles and topics on this forum related to security. I'm in the process of implementing them right now. After finishing up, yeah, I was going to get everyone I know to test out the site, and then probably find a security company and get our site audited. Any recommendations regarding that? Anything else you can recommend to look for?