Reputation: 8622
Where should I put yii framework and protected files?
I am playing with yii, bud I am not sure where to put the framework files. At my shared hosting I have /home/username folder which of course contains public_html. Yii aplication files are supposed go into public_html, but what about the framework? Should it also be placed within public_html or should I place it in /home/username? Would that even work? What about protected folder? Should I leave it together with all the other application files in public_html or should it be moved somewhere else as well?
What is the common way to approach this?
Upvotes: 0
Views: 3335
Answers (2)
Reputation: 8400
The cool thing about most webservers is that it's not a problem to have your actual code a level up higher than the public code. What I use is usually like this:
pubic_html/ <- your /home/user/public_html
mysite.com/
public/ <- The web site root (for apache config)
protected/ <- Your actual code
dependencies/ <- Framework and other libraries you use
db/ <- All database delta scripts
If multiple of your sites use the same libs you can also opt to put them in a common location and add symlinks to it, so you don't use up your server quota with multiple copies. I think you have to ave the FollowSymlinks option enabled for that though if you are using Apache.
IMO limiting what is publicly available to the public/ folder is a good thing. It adds a little bit of extra protection, given that your actual code folder is not accessible from the outside world.
Edit: As I mentioned in my above comment: If your host only allows a single site and it's pre-linked to public_html you could consider an alternative structure where you split everything:
protected_html/
code/ <- Your actual code
dependencies/ <- Framework and other libraries you use
db/ <- All database delta scripts
pubic_html/ <- your /home/user/public_html and website root.
Yii is pretty versatile with allowing configuration for this, the config file is assumed to be under the protected/config folder and whatever is a level higher is considered the location of the models/controllers and so on. Between Rolands answer to include Yii from the other location and a modified include of your config file you should be fine to go.
Upvotes: 3
Reputation: 36839
I usually place them in /home/username , this ensures that no-one could ever access the framework directly. Then once placed there edit the index.php file in public_html to point to the framework directory
$yii=dirname(__FILE__).'/../../yii-1.1.12.b600af/framework/yii.php';
You can place the framework inside the public_html folder as well and then just add a .htaccess file in the framework folder containing the following deny from all assuming override all is enabled in apache, this will also ensure that no-one can access the directory from the browser.
So whereever possible the files and folders that you do not need to be accessed directly from the browser always place them outside the public_html folder for better security assuming that override all in apache is disabled
Upvotes: 1
Related Questions
- Yii2 advanced, when to use the frontend folder and when the backend folder?
- Which folder to add custom helper functions to in Yii
- Where to put common resources in yii2 advanced?
- Can't find protected folder in Yii2 Basic Package
- How to use Yii controller located in folder rather than default `protected/controller`?
- Where should I place the code with roles in Yii framework?
- Security issues with using Yii Framework
- Why placing framework folder outside public root is safer?
- Where to place "common" classes in YII Framework structure?
- Yii Application where to place external API classes