Closed darkdragon-001 closed 3 years ago
Hi @darkdragon-001, thanks for the pull request.
This improves the current code, but I see some drawbacks, especially for people not using Docker:
As _tmp
directory is not available, it won't work by default. Also, "notes.htaccess" file is not useful by default and there is no indication that it should be moved and renamed. (At the same time, I know it is not ideal to have that directory inside the docroot, but we have a comment in the source code explaining that).
Docker related files are not useful to everybody. As the project aims for simplicity and minimalism, I am a bit reluctant to include more files in the docroot (such as minimalist-web-notepad-entrypoint
). Could we put all docker-related files in a Docker subdirectory? Sorry, I don't know how easy it is to do that.
Regards Pere
- As
_tmp
directory is not available, it won't work by default. Also, "notes.htaccess" file is not useful by default and there is no indication that it should be moved and renamed. (At the same time, I know it is not ideal to have that directory inside the docroot, but we have a comment in the source code explaining that).
Probably, it should be done in the php
file (create directory and create .htaccess
if it doesn't exist).
- Docker related files are not useful to everybody. As the project aims for simplicity and minimalism, I am a bit reluctant to include more files in the docroot (such as
minimalist-web-notepad-entrypoint
). Could we put all docker-related files in a Docker subdirectory? Sorry, I don't know how easy it is to do that.
Usually, it's the other way round: Project files (README
, LICENSE
, Dockerfile
, ...) are in the repository root and application/source code files are in a subfolder. Docker has the concept of build context which is the directory where docker build
is run, usually where Dockerfile
resides. Since we want to package the app (.php
, .css
, .js
, ...), these files need to be in the in the same folder as Dockerfile
or in any sub-directory of it.
Probably, it should be done in the php file (create directory and create .htaccess if it doesn't exist).
I'm not sure I want to add more PHP code. Also, write access should not be required.
Usually, it's the other way round [...]
Yes, that's right... I may consider creating a docroot
directory...
Probably, it should be done in the php file (create directory and create .htaccess if it doesn't exist).
I'm not sure I want to add more PHP code. Also, write access should not be required.
Well, you need write access to write the notes files anyway!?
Furthermore, I think the notes should not live in the docroot for security reasons anyways. When using nginx, they are not protected by .htaccess
.
Usually, it's the other way round [...]
Yes, that's right... I may consider creating a
docroot
directory...
Yeah docroot
, public
, app
, anything is fine. This would also give the great opportunity to separate docroot
and notes
/_tmp
folder :wink:
Well, you need write access to write the notes files anyway!?
Yes, but not necessarily access to write in the parent directory to be able to create the notes
directory.
When using nginx, they are not protected by .htaccess
Yes, although the risk is low here, it just allows an attacker to download files, and he already can access the content if he knows the filename. But yes, should be moved outside public directory.