Separating Public Files

  • published on May 9th, 2008

    In chapter 5 of the book, we discuss the importance of separating public files in your web applications. Rails applications have a separate public/ directory where all public assets such as CSS, JavaScript, and images are stored. No configuration files or Ruby code are stored in this directory, so we don’t need to rely on server directives being set correctly to keep our application’s files secure.

    The word public/ is perfectly descriptive, and acts as a cognitive warning when serving content. Anything in the public/ directory is free and open for users to download.

    It’s a great idea to apply the same convention in PHP applications. PHP should interpret files with certain file extensions (such as files ending in .php), but mistakes happen. When you name the web-accessible directory of your application public/, the accessibility of its contents is immediately obvious. This raises a red flag when you’re uploading sensitive documents or information into a publicly accessible directory.

    Most of the PHP frameworks follow this idea, and keep their application logic in a directory that is not publicly accessible from the web.
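    As an added example (not code from the original post), here is a small POSIX shell audit that enforces the convention above: it walks a public/ directory and reports any file that looks like source, configuration, or a secret rather than a static asset, so a mistaken upload is caught before deployment. The sample project tree and the extension list are constructed assumptions; the only PHP file expected under public/ is the front controller index.php.

```shell
#!/bin/sh
# Added example, not part of the original post: audit a web root for files
# that should never live under public/. The sample tree built below is
# constructed for illustration; SUSPECT_PATTERNS is an assumption to extend.

set -eu

# File names that signal configuration, source code, backups or secrets
# rather than static assets. Any match under public/ is a finding.
SUSPECT_PATTERNS='\.(php|phtml|ini|env|yml|yaml|sql|bak|log|key|pem)$|(^|/)\.(git|svn|htpasswd)'

# Print every file under the given public directory that matches
# SUSPECT_PATTERNS, except the front controller <dir>/index.php, which is
# the one PHP file expected there.
audit_public_dir() {
    dir="$1"
    find "$dir" -type f 2>/dev/null \
      | grep -E "$SUSPECT_PATTERNS" \
      | grep -v -x "$dir/index.php" || true
}

# Number of findings, as a bare integer (useful to gate a deploy script).
count_findings() {
    audit_public_dir "$1" | wc -l | tr -d ' '
}

# Build a constructed sample layout: application code and configuration
# live beside public/, and two files have been dropped into public/ by mistake.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/app/models" "$root/config" "$root/public/css" "$root/public/js"
    : > "$root/app/models/User.php"       # application logic, not web-accessible
    : > "$root/config/database.php"       # credentials, not web-accessible
    : > "$root/public/index.php"          # front controller: allowed
    : > "$root/public/css/site.css"       # static asset: allowed
    : > "$root/public/js/app.js"          # static asset: allowed
    : > "$root/public/logo.png"           # static asset: allowed
    : > "$root/public/config.php.bak"     # mistake: config backup in public/
    : > "$root/public/.env"               # mistake: secrets file in public/
    printf '%s\n' "$root"
}

# Stand-alone demo: build the sample tree, audit it, and exit non-zero if
# anything was found, the way a pre-deploy hook would.
if [ "${1:-}" = "--demo" ]; then
    root=$(make_sample_tree)
    echo "Auditing $root/public"
    audit_public_dir "$root/public"
    n=$(count_findings "$root/public")
    rm -rf "$root"
    echo "$n finding(s)"
    [ "$n" -eq 0 ]
fi
```

    Run it with `sh audit_public.sh --demo`; on the constructed tree it reports public/config.php.bak and public/.env and exits with status 1. Point audit_public_dir at your real public/ directory to use it as a check before each release.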
