Production style on a shared host

Production style on a shared host

on 28/3/07
 

Most websites written in cake will inevitably end up installed on a shared host. Shared hosts are a great compromise between freedom and cost but one of the things that you typically can't do is change the DocumentRoot (the physical directory on the server that corresponds to the url /). The manual explains how to change between a development (extract your cake files and go) style and a production style (nothing except files that should be directly accessible from the web are in the DocumentRoot) install but how you can apply this to a shared host may not be obvious; and this is what I'll try to explain here.

Why bother

It's unlikely to be a problem to use a development style install on a live site - but I stress the unlikely. That said it does mean that some files that should never ever be directly accessible can be accessed via a url. For any php file this is not a problem, you can't see the file only the output from it which means for example if you tried the url /app/config/database.php would just show at most a blank page. However, depending on the server settings this could mean that some potentially sensitive files (anything in the tmp folder) can be web-accessible effectively to anyone. So before you start logging "Bob logged in", "Bob changed his password to x" make absolutely sure that a curious user can't simply access your debug log and then log in as Bob and change all the prices for your products :) (a preemptive reply: no. I just have an active imagination).

The standard development install

So to start at the beginning, once upon a time.. no wait - wrong beginning :D. Ahem: Consider a new clean site on a shared host; where the DocumentRoot is on the server is 100% unimportant, as only relative paths will be used in this post (as I would recommend for reality as well), however it will be assumed that the server has a top level folder named DocumentRoot for simplicity.

A development install would therefore look something like this:

  • DocumentRoot
    • app
      • webroot (1)
        • .htaccess (2)
        • index.php (3)
      • .htaccess
      • index.php
    • .htaccess
    • index.php

The 'important' folder, index and .htaccess file has been marked. If you own the server, you could just change the DocumentRoot to point to the webroot folder, but if you don't have that option...

Production file locations

The goal here is to maintain a easy means of upgrading your cake app, and make only the files in or under the webroot folder directly accessible from the web. The truth is it's not very difficult to do :).

First, it is necessary to move some files around, create a folder to hold your files outside the DocumentRoot. Where it is, and what it is called is again, 100% unimportant.

In the example below I have created a folder named 'website_files' to house everything, and moved everything that was previously in the DocumentRoot into it. The second and last step is to copy the contents of the webroot folder back into the DocumentRoot so that there is a tiny cake presence to receive and process those url requests.

  • DocumentRoot (1)
    • .htaccess (2)
    • index.php (3)
  • website_files
    • app
      • views
    • vendors

Editing the index file

As might be obvious from the last dir layout, the index and .htaccess files that are no longer web accessible can be deleted. This leaves only the index (2) and .htaccess (3) file that were previously residing in the weboot folder. If you only move files and folders around, you will be unsurprised to discover that cake will not be able to find various files and it doesn't work; however with a single change to your index.php file to tell cake where your ROOT is - you're good to go again. Below is an example index file, with the definition for the ROOT constant modified. It is worth noting that a relative path has been used to define the root, which is good practice to make the files location independent - quite useful if your development machine file locations don't match your server, or runs a different operating system.

 

<? php 
/*  SVN FILE: $Id: index.php 29 2007-02-08 21:53:21Z Andy $  */  
/*
* Short description for file. 

* Long description for file 

* PHP versions 4 and 5 

* CakePHP : Rapid Development Framework <http://www.cakephp.org/> 
* Copyright (c) 2006, Cake Software Foundation, Inc. 
* 1785 E. Sahara Avenue, Suite 490-204 
* Las Vegas, Nevada 89104 

* Licensed under The MIT License 
* Redistributions of files must retain the above copyright notice. 

* @filesource 
* @copyright Copyright (c) 2006, Cake Software Foundation, Inc. 
* @link http://www.cakefoundation.org/projects/info/cakephp CakePHP Project 
* @package cake 
* @subpackage cake.app.webroot 
* @since CakePHP v 0.2.9 
* @version $Revision: 29 $ 
* @modifiedby $LastChangedBy$ 
* @lastmodified $Date: 2007-02-08 22:53:21 +0100 (jue, 08 feb 2007) $ 
* @license http://www.opensource.org/licenses/mit-license.php The MIT License 
*/  
/*
* Do not change 
*/  
if  ( ! defined ( ' DS ' )) { 
define ( ' DS ' ,  DIRECTORY_SEPARATOR); 

/*
* These defines should only be edited if you have cake installed in 
* a directory layout other than the way it is distributed. 
* Each define has a commented line of code that explains what you would change. 

*/  
if  ( ! defined ( ' ROOT ' )) { 
// define('ROOT', 'FULL PATH TO DIRECTORY WHERE APP DIRECTORY IS LOCATED DO NOT ADD A TRAILING DIRECTORY SEPARATOR'; 
//You should also use the DS define to seperate your directories 
//define('ROOT', dirname(dirname(dirname(__FILE__)))); 

define ( ' ROOT ' ,   dirname ( dirname ( __FILE__ ))  .  DS  .   " website_files " ); 

if  ( ! defined ( ' APP_DIR ' )) { 
// define('APP_DIR', 'DIRECTORY NAME OF APPLICATION'; 
define ( ' APP_DIR ' ,   ' app ' ); 

/*
* This only needs to be changed if the cake installed libs are located 
* outside of the distributed directory structure. 
*/  
if  ( ! defined ( ' CAKE_CORE_INCLUDE_PATH ' )) { 
// define ('CAKE_CORE_INCLUDE_PATH', FULL PATH TO DIRECTORY WHERE CAKE CORE IS INSTALLED DO NOT ADD A TRAILING DIRECTORY SEPARATOR'; 
//You should also use the DS define to seperate your directories 

define ( ' CAKE_CORE_INCLUDE_PATH ' ,  ROOT); 

//
//DO NOT EDIT BELOW THIS LINE// 

//

if  ( ! defined ( ' WEBROOT_DIR ' )) { 
define ( ' WEBROOT_DIR ' ,   basename ( dirname ( __FILE__ ))); 

if  ( ! defined ( ' WWW_ROOT ' )) { 
define ( ' WWW_ROOT ' ,   dirname ( __FILE__ .  DS); 

if  ( ! defined ( ' CORE_PATH ' )) { 
if  ( function_exists ( ' ini_set ' )) { 
ini_set ( ' include_path ' ,   ini_get ( ' include_path ' .  PATH_SEPARATOR  .  CAKE_CORE_INCLUDE_PATH  .  PATH_SEPARATOR  .  ROOT  .  DS  .  APP_DIR  .  DS); 
define ( ' APP_PATH ' ,   null ); 
define ( ' CORE_PATH ' ,   null ); 
else  { 
define ( ' APP_PATH ' ,  ROOT  .  DS  .  APP_DIR  .  DS); 
define ( ' CORE_PATH ' ,  CAKE_CORE_INCLUDE_PATH  .  DS); 


require  CORE_PATH  .   ' cake '   .  DS  .   ' bootstrap.php '
if  ( isset  ( $_GET [ ' url ' ])  &&   $_GET [ ' url ' ===   ' favicon.ico ' ) {}  else  { 
$Dispatcher = new  Dispatcher(); 
$Dispatcher -> dispatch( $url ); 

echo   " <!--  "   .   round (getMicrotime()  -   $TIME_START ,   4 .   " s --> "
?>  

 

Wrapping up

By moving some folders around, it is possible to make a shared-hosted website more secure without introducing any complexity. Even if you have the option to change your DocumentRoot it may be desirable for one reason or another to modify the cake folder structure. A clear separation is made between the files that can be directly accessed, and those that can only be accessed via cake. If you can think of an improvement to this approach (although how something so simple can be improved I don't know :D), or do something slightly different, I'd be interested to know.

Bake on!

  
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值