move media & index.php to www #363
Conversation
tenzap
force-pushed
the
feature-078-www-move
branch
from
162d36d
to
23ec1a8
Compare
tenzap
changed the title
|
@kingster I can't figure out how to fix that phpunit error. Could you have a look please? |
tenzap
force-pushed
the
feature-078-www-move
branch
from
23ec1a8
to
5e13ba2
Compare
tenzap
force-pushed
the
feature-078-www-move
branch
from
5e13ba2
to
9b1fcd2
Compare
|
Instead of doing this in the codebase, this could be done as part of the packaging step maybe? I reason I say is for a usecase in which a user want to host kalkun at a subdirectory instead of a top-level directory (In that case making this changes might not make sense in source repo) |
That's already done in the Debian packages.
What do you mean by What concerns me, is that the files that are at the root of the dir (CREDITS, Readme, the scripts dir...) are all accessible from the webserver which I think is not good practice and may be a security risk. It would be better to have the files that should be accessible in www only. If the user has the root of the server to If not selfhosted, where one has no access to server config, but still has mysql or another DB... I don't know. Do such setups still exist nowadays? |
I meant that user wants it at
Users should never unpack a git repo in the www directory. They should instead use the
Well these still do, its called shared hosting. On these hosting a user won't be able to host gammu as they won't have physical access. But if in future when we support both incoming/outgoing (today only outgoing is supported) with online service providers, then these shared hosting can be used. |
So that only the necessary files are reachable from HTTP server (index.php and media)
See: https://github.com/kalkun-sms/Kalkun/wiki/Making-Kalkun-more-secure
Advantage: Increases security
Drawback:
One has to have control of the configuration of the http server to set the root of the server to
wwwdir