pereorga / minimalist-web-notepad

Minimalist Web Notepad
https://notes.orga.cat

Improve paths for Docker #42

Closed darkdragon-001 closed 3 years ago

darkdragon-001 commented 4 years ago

pereorga commented 3 years ago

Hi @darkdragon-001, thanks for the pull request.

This improves the current code, but I see some drawbacks, especially for people not using Docker:

  1. As _tmp directory is not available, it won't work by default. Also, "notes.htaccess" file is not useful by default and there is no indication that it should be moved and renamed. (At the same time, I know it is not ideal to have that directory inside the docroot, but we have a comment in the source code explaining that).

  2. Docker related files are not useful to everybody. As the project aims for simplicity and minimalism, I am a bit reluctant to include more files in the docroot (such as minimalist-web-notepad-entrypoint). Could we put all docker-related files in a Docker subdirectory? Sorry, I don't know how easy it is to do that.

Regards, Pere

darkdragon-001 commented 3 years ago

> 1. As _tmp directory is not available, it won't work by default. Also, "notes.htaccess" file is not useful by default and there is no indication that it should be moved and renamed. (At the same time, I know it is not ideal to have that directory inside the docroot, but we have a comment in the source code explaining that).

Probably, it should be done in the php file (create directory and create .htaccess if it doesn't exist).

> 2. Docker related files are not useful to everybody. As the project aims for simplicity and minimalism, I am a bit reluctant to include more files in the docroot (such as minimalist-web-notepad-entrypoint). Could we put all docker-related files in a Docker subdirectory? Sorry, I don't know how easy it is to do that.

Usually, it's the other way round: Project files (README, LICENSE, Dockerfile, ...) are in the repository root and application/source code files are in a subfolder. Docker has the concept of a build context, which is the directory where docker build is run, usually where the Dockerfile resides. Since we want to package the app (.php, .css, .js, ...), these files need to be in the same folder as the Dockerfile or in any sub-directory of it.

pereorga commented 3 years ago

> Probably, it should be done in the php file (create directory and create .htaccess if it doesn't exist).

I'm not sure I want to add more PHP code. Also, write access should not be required.

> Usually, it's the other way round [...]

Yes, that's right... I may consider creating a docroot directory...

darkdragon-001 commented 3 years ago

> > Probably, it should be done in the php file (create directory and create .htaccess if it doesn't exist).
>
> I'm not sure I want to add more PHP code. Also, write access should not be required.

Well, you need write access to write the notes files anyway!?

Furthermore, I think the notes should not live in the docroot for security reasons anyways. When using nginx, they are not protected by .htaccess.

> > Usually, it's the other way round [...]
>
> Yes, that's right... I may consider creating a docroot directory...

Yeah docroot, public, app, anything is fine. This would also give the great opportunity to separate docroot and notes/_tmp folder :wink:

pereorga commented 3 years ago

> Well, you need write access to write the notes files anyway!?

Yes, but not necessarily access to write in the parent directory to be able to create the notes directory.

> When using nginx, they are not protected by .htaccess

Yes, although the risk is low here, it just allows an attacker to download files, and he already can access the content if he knows the filename. But yes, should be moved outside public directory.
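
The storage concern raised in this thread (notes kept inside the docroot and protected only by .htaccess, which nginx does not read) can be checked at deploy time. The script below is an added example, not part of the pull request or the project's code; the function names, finding labels, directory layout and `.htaccess` contents are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def _is_under(path: Path, root: Path) -> bool:
    return path == root or root in path.parents


def audit_notes_dir(docroot: str, notes_dir: str) -> list[str]:
    """Return findings for where a web app stores its note files."""
    roots = (Path(os.path.abspath(docroot)), Path(docroot).resolve())
    notes_lex = Path(os.path.abspath(notes_dir))  # path as configured
    notes_real = Path(notes_dir).resolve()        # symlinks followed
    findings = []
    # Check both forms: a symlink placed inside the docroot is still reachable
    # by URL, and an outside-looking path may be a symlink back into it.
    if any(_is_under(n, r) for n in (notes_lex, notes_real) for r in roots):
        findings.append("inside-docroot")
        if (notes_real / ".htaccess").is_file():
            # Apache honours this file; nginx does not read .htaccess at all.
            findings.append("htaccess-is-only-protection")
        else:
            findings.append("no-access-control-file")
    if not notes_real.is_dir():
        findings.append("missing")  # the app would need write access to the parent
    elif not os.access(notes_real, os.W_OK):
        findings.append("not-writable")
    return findings


def demo() -> dict[str, list[str]]:
    """Build a constructed layout in a temp dir and audit three placements."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "docroot" / "_tmp").mkdir(parents=True)
        (base / "docroot" / "_tmp" / ".htaccess").write_text("Deny from all\n")
        (base / "notes").mkdir()
        (base / "docroot" / "linked").symlink_to(base / "notes")
        docroot = str(base / "docroot")
        return {
            "in_docroot": audit_notes_dir(docroot, str(base / "docroot" / "_tmp")),
            "symlinked": audit_notes_dir(docroot, str(base / "docroot" / "linked")),
            "outside": audit_notes_dir(docroot, str(base / "notes")),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

An empty list means the notes directory exists, is writable, and is not reachable through the docroot by either its configured or its resolved path.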