[nycphp-talk] FUNDAMENTALS #1: Site Structure
Adam Fields
fields at surgam.net
Thu Sep 4 11:51:25 EDT 2003
On Thu, Sep 04, 2003 at 11:10:02AM -0400, Sexton, David wrote:
> True. I guess it's actually a moot point since we're talking about security
> in general. Whether you place your files in one directory or another... if
> someone gains significant access to the box, you're exposed. Then again,
> someone gaining FTP access using brute force could download the PHP source
> code if it's in a readable directory, and considering many hosts grant FTP
> access to your webroot, it would be safer to place the files somewhere else.
If you use FTP, you're asking to be hacked anyway. Use SFTP, SCP, or
WebDAV over SSL (this last is my preference for ease of use). Demand
this of your service providers.
--
- Adam
-----
Adam Fields, Managing Partner, fields at surgam.net
Surgam, Inc. is a technology consulting firm with strong background in
delivering scalable and robust enterprise web and IT applications.
http://www.adamfields.com
More information about the talk
mailing list