|
Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon. |
|
View previous topic :: View next topic |
Author |
Message |
Grisword Smarty n00b
Joined: 25 Aug 2003 Posts: 4
|
Posted: Mon Aug 25, 2003 9:25 am Post subject: a question about smarty installation |
|
|
In the manual Smarty-2.5.0-docs.pdf, i found this :
Quote: |
The Smarty directories are
only accessed by the Smarty library and never accessed directly by the web browser.
Therefore to avoid any security concerns, it is recommended to place these directories
in a directory off the document root.
|
i am using virtual host for my web site
i can not place these directories in a directory off the document root.
so i want to know if I put these directories in the document root, what is the disadvantage? |
|
Back to top |
|
messju Administrator
Joined: 16 Apr 2003 Posts: 3336 Location: Oldenburg, Germany
|
Posted: Mon Aug 25, 2003 9:44 am Post subject: |
|
|
for example: your templates are readable by a webbrowser. someone can download them and look for programming errors, or for stuff like {if $admin}...{/if} that he shouldn't know about.
your templates_c-folder contains php-files that a either readable by the webbrowser or executed out of context by the webserver (depending on smarty-version and webserver-settings). the former suffers from the same problems as the tpl-files above the latter, though unlikely, can lead to nasty unintended side-effects.
these two are just a starter. people can get really creative when it comes to misusing/exploiting computers (seems to be some strange anomaly of darwinism ) |
|
Back to top |
|
Grisword Smarty n00b
Joined: 25 Aug 2003 Posts: 4
|
Posted: Mon Aug 25, 2003 12:51 pm Post subject: |
|
|
thanks!
this was exactly what i was looking for. |
|
Back to top |
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|