
I’m only a web designer and front-end developer, getting to grips with Symphony, so I’m not 100% sure if this question carries any weight. Having looked at a few frameworks, I noticed Ruby on Rails and MovableType like to keep as much of the code as possible outside of the www/public_html. Would there be any advantages of Symphony taking this approach? Thanks

I’m sorry I can’t tell you the specifics of how or why.

Does anyone know what would be necessary to do this? I assume it would be a matter of editing index.php, but are there any other parts of the core that would need to be edited?

It’s all about the paths from document root to (as on my server) htdocs or private folders, htdocs being the web accessible one.

I reckon that Symphony would need a large rewrite to get this behaviour, moving all the core files out of the web accessible folder.

Menalto Gallery2 uses this kind of approach to storing images, for security’s sake, but using that method for images requires re-generating them with PHP for web access to said images.

I personally like the idea of the added security, but don’t think it is really necessary for this kind of CMS.

Wonder what the core devs think?

The main advantage of moving sensitive files outside of the webroot is security. Imagine if your site is exposed to some sort of attack (or just a bug), where Apache doesn’t crash but PHP does. Your server would then serve PHP files as plain text files, i.e. showing the code. A user could request your config.php file which contains database login info.

As far as I can see it is quite easy to do this with Symphony. Here are the steps I took:

My webroot is /var/www.

  1. Move Symphony (everything) to a directory outside the webroot, eg /var/www-safe
  2. Link your .htaccess file to /var/www-safe/.htaccess file using ln -s /var/www-safe/.htaccess /var/www/.htaccess
  3. Create a new index.php file in /var/www with the content: <?php chdir('/var/www-safe/'); require 'index.php';
  4. Link your workspace with ln -s /var/www-safe/workspace /var/www/workspace

This should do it. It worked during the 5 min I tested it, but there shouldn’t be any problems with it, in theory…

Hey, I like that!

How do you serve images from the workspace folder outside of the web root? Is that a symbolic link you’re making? I have no experience with that stuff…

Yes exactly, by creating a symbolic link a request to example.com/workspace/somefile.txt would send the user the file at /var/www-safe/workspace/somefile.txt.

Wowee, I will give that a shot, thanks

@mqchen and others - How has this been working? Have y’all run into any problems after moving outside the root directory and using symlinks instead?

Hi, as far as I can tell, it worked fine on a production site: designstudier.no

Although it is probably a good idea to make a link for the extensions directory as well (ln -s /var/www-safe/extensions /var/www/extensions), as JIT image manipulation requires direct access to it. You also need to link the symphony/assets directory for the admin panel to work. To make that link you need to create a symphony directory in your web root, and create an assets link in there.
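
The layout from the steps in this thread, rebuilt in a scratch directory and audited, as an added example that is not part of the original posts. The sample files (the config.php stand-in, extensions/sample/driver.php, admin.css) are constructed, and build_layout, exposed_php and reachable are hypothetical helper names; the audit lists which PHP files the symlinks still leave reachable, since those would be served as text in the PHP-failure scenario described above.

```shell
#!/bin/sh
# Added example: rebuild the thread's layout in a scratch directory and audit it.
# All file names below are constructed stand-ins, not Symphony's real tree.

build_layout() {  # $1 = scratch root; www-safe plays /var/www-safe, www plays /var/www
    safe="$1/www-safe"; web="$1/www"
    mkdir -p "$safe/workspace" "$safe/extensions/sample" "$safe/symphony/assets" "$web/symphony"
    echo '<?php /* constructed: database login info */' > "$safe/config.php"
    echo '<?php /* constructed: real front controller */' > "$safe/index.php"
    echo '# constructed rewrite rules' > "$safe/.htaccess"
    echo 'hello' > "$safe/workspace/somefile.txt"
    echo '<?php /* constructed: extension code */' > "$safe/extensions/sample/driver.php"
    echo 'body{}' > "$safe/symphony/assets/admin.css"
    # Steps 2-4 from the thread, plus the extensions and symphony/assets links
    ln -s "$safe/.htaccess" "$web/.htaccess"
    printf "<?php chdir('%s/'); require 'index.php';\n" "$safe" > "$web/index.php"
    ln -s "$safe/workspace" "$web/workspace"
    ln -s "$safe/extensions" "$web/extensions"
    ln -s "$safe/symphony/assets" "$web/symphony/assets"
}

# List .php files a URL can reach (symlinks followed), minus the front controller stub.
# These are what the server would hand out as text if PHP stopped handling them.
exposed_php() {  # $1 = webroot
    (cd "$1" && find -L . -type f -name '*.php' ! -path './index.php' | sort)
}

# Succeeds (exit 0) if some path under the webroot resolves to the given file.
reachable() {  # $1 = webroot, $2 = file to check
    [ -n "$(find -L "$1" -samefile "$2" 2>/dev/null)" ]
}

demo_root=$(mktemp -d)
build_layout "$demo_root"
echo "PHP reachable through the webroot:"; exposed_php "$demo_root/www"
if reachable "$demo_root/www" "$demo_root/www-safe/config.php"; then
    echo "config.php is reachable"; else echo "config.php is not reachable"; fi
rm -rf "$demo_root"
```

Pointing exposed_php at a real webroot gives the list of PHP files to review after the links are in place.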
