Security Audit of Document Root

BigDawgRob · **Security Audit of Document Root -** 15-02-2007, 05:54 PM

Hi,

I'm currently reviewing my Kayako server against 'Essential PHP Security' (http://www.oreilly.com/catalog/phpsec/). One recommendation is that:

Quote:

In order to prevent backdoor URLs, make sure you store your includes out of document root. The only files that should be stored within document root are those that absolutely must be accessible via URL.

I note that Kayako stores all it's files in the document root. Does anyone have any comments of if they feel the above quote is relevent to Kayako or any tips of how to avoid security breaches of this nature?

Thanks,
Rob

**bear** · 16-02-2007, 04:30 PM

I don't know as much as I'd like about security, but having them in the "www" directory means that on many systems folks could see them from inside the server if they had sufficient access, so, yes, it's a problem. Of course, if someone has that sort of access you have some issues anyway...

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Spell Checker Failure.	Darren	SupportSuite, eSupport and LiveResponse	23	30-10-2006 05:06 PM
Successful install on Debian Stable	Mike_eQuest	Installation & Upgrading	1	13-06-2006 02:23 PM

bear Offline Community Moderator Posts: 677 Join Date: Jan 2005	16-02-2007, 04:30 PM I don't know as much as I'd like about security, but having them in the "www" directory means that on many systems folks could see them from inside the server if they had sufficient access, so, yes, it's a problem. Of course, if someone has that sort of access you have some issues anyway...