|
Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon. |
|
View previous topic :: View next topic |
Author |
Message |
siu Smarty n00b
Joined: 05 Nov 2003 Posts: 4 Location: SPS, Honduras
|
Posted: Wed Nov 05, 2003 4:05 am Post subject: Is there a way to just upload the smarty files ... |
|
|
Hi, I'm new at smarty and have been using lot of Fast Templates. I'm considering to work with smarty. Nevertheless I see a problem. In order to be able to use smarty I have to follow a series of instruction to install smarty, but what happens like in my case that I work with shared hosting rather than my own server or a private virtual server? I don't have the permissions to install things in places other than my httdocs or site root. Is there a way to install smarty by uploading the needed files into a directory and including this in order to work with smarty? |
|
Back to top |
|
boots Administrator
Joined: 16 Apr 2003 Posts: 5611 Location: Toronto, Canada
|
Posted: Wed Nov 05, 2003 5:06 am Post subject: |
|
|
hi siu.
First, from the soapbox: I would always try to limit the items I expose from my webroot to the minimum entry points required by my app--and hide everything else somewhere less accessible to the public.
More practically: If, as in your case, that is not feasible, it is still generally possible to install Smarty and its accompanying directories into your webroot--perhaps it is even a bit simpler. Still, I would strongly recommend a healthy dose of .htaccess control to protect your libraries, templates, temporary folders, etc. as much as you can.
You should be able to modify the basic install instructions in the docs without too much difficulty. In this recent thread on Base Path, both Alan and Tk make great suggestions that you could employ as well (my suggestions in those thread are probably a little less appropriate for your situtation).
HTH |
|
Back to top |
|
siu Smarty n00b
Joined: 05 Nov 2003 Posts: 4 Location: SPS, Honduras
|
Posted: Thu Nov 06, 2003 8:57 am Post subject: Thanx for your response boots |
|
|
Thanx for your response boots! I'll read the thread and try to install smarty in the web root.
Just one question, what can possibly happen if I let smarty in my web root? Can somebody mess with those files? Can somebody mess with the website? |
|
Back to top |
|
boots Administrator
Joined: 16 Apr 2003 Posts: 5611 Location: Toronto, Canada
|
Posted: Fri Nov 07, 2003 9:18 am Post subject: |
|
|
hi siu.
It is really a matter of trying to limit your exposure to potential vulnerabilities. Your webroot is essentially a public interface. True, you can setup various securities to help protect what people access, but by limiting what you put in to the webroot in the first place, you are less vulnerable to a compromise (or misconfiguration/bug).
That's generally true--not Smarty specific. There is no chance of attackers gaining access to your sensitive code/data from the webroot if it doesn't exist there in the first place
Of course, you don't always have to follow that type of practice--your risk assessment may show that it is not a warranted concern for your site and needs. Certainly, if you are willing to keep all of your application files and data in your webroot, having smarty and its directories there doesn't particularly add to the exposure, IMO. |
|
Back to top |
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|