KagisB / Mapon-Prakse-backend-projekts


Project structure unsecure #5

Open KagisB opened 2 years ago

KagisB commented 2 years ago

Currently the files are not stored and accessed in a safe way, meaning they can be tampered with easily. Should restructure the project to make it more secure from outside intrusion.

KagisB commented 2 years ago

Some progress, the project is now inside the app folder, which contains all the code for actually getting and displaying data. Don't know for sure if it is now more secure, since I don't think the autoloader works fully correctly now.

Rozkalns commented 2 years ago

To make it safer, you should still create an entrypoint public/index.php file, and configure your nginx so that the docroot would be this public folder.

KagisB commented 2 years ago

Tried to change the root to /public, didn't work initially, need to change routing or something else in the nginx configuration, because I assume it was now trying to find /app/views/login.php, for example, in the public folder, while right now the app folder is in the same directory as the public folder. Maybe need to put the app folder inside this public folder, but that feels like it would break the whole point of putting the root in public/index.php in the first place.

Rozkalns commented 2 years ago

Yep, that's true, it will break the idea of keeping app logic out of the publicly accessible part. You need to keep the BASE constant, and use that all across the code. And the BASE for your application should be a step lower than the base doc root in your nginx config. That's the point ;)
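
The layout discussed in this thread, as an added example that is not part of the thread or of the project's own code: a `public/index.php` front controller that defines `BASE` one directory above the docroot and loads views from `app/` through an allowlist. The route table, the `resolveView` helper and the assumption that nginx serves `public/` as its root and hands unmatched requests to `index.php` are hypothetical.

```php
<?php
// public/index.php: the only PHP file under the web server's docroot.
// Assumed layout (only app/views/login.php and public/index.php are
// named in the thread; the rest is constructed for this example):
//   project/app/views/login.php
//   project/public/index.php
declare(strict_types=1);

// BASE is the project root, one directory above the docroot (public/).
define('BASE', dirname(__DIR__));

// Hypothetical route table: URL path => view file relative to BASE.
// The request path is only ever used as a lookup key, never as a file path.
const ROUTES = [
    '/'      => 'app/views/login.php',
    '/login' => 'app/views/login.php',
];

function resolveView(string $requestUri, string $base): ?string
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return null;                      // malformed URI or no path
    }
    $path = '/' . trim($path, '/');       // "/login/" and "/login" match
    if (!array_key_exists($path, ROUTES)) {
        return null;                      // not on the allowlist
    }
    $file   = realpath($base . '/' . ROUTES[$path]);
    $appDir = realpath($base . '/app');
    // Defence in depth: the resolved file must exist inside BASE/app.
    $prefix = $appDir === false ? '' : $appDir . DIRECTORY_SEPARATOR;
    if ($file === false || $prefix === ''
        || strncmp($file, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $file;
}

$view = resolveView($_SERVER['REQUEST_URI'] ?? '/', BASE);
if ($view === null) {
    http_response_code(404);
    exit('Not found');
}
require $view;                            // loaded from outside the docroot
```

With this in place a direct request for `/app/views/login.php` has no file under the docroot to hit and no entry in the route table, so it ends in the 404 branch.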