Geek Answers Handbook

CakePHP: plugins in a production environment

In a production deployment, you will not have your folder / application in the public webroot; it takes only one careless finger mistake to turn private business assets, such as PHP files, into plain text on the Internet. advanced and production installation instructions in the book describes how to topologically isolate the webroot directory so that you can create folders containing PHP files that are available only to you. This technique has worked great for me for a while, but now I want to use and develop plugins.

The CakePHP book omits the discussion of plugins in production deployments. For those of you who use CakePHP during the production process using plugins, how do you make all the objects in this webroot directory of the plugin publicly available?

Do you create a plugins folder in webroot and then plugins symlink / my_plugin_name for the plugin website? Do you manually copy the plugin webroot folder to webroot? Do you bite a bullet and just move the plugins folder in webroot? Are you using some fancy plugin to feed content?

What is the best solution?

+4
source share
1 answer

It sounds like you have to manually copy files from the plugins website to your own website. If it's in production, I suppose you're not going to enable or disable the plugin often (as you would in development), so this will be a one-time process.

In addition, by doing so in this way, your personal assets are saved from public folders, maintaining the security you are worried about.

On the other hand

If the plugin is open source, make a simple exit and discard the entire suction cup in the web root. If this is compromised, you do not care, because the files are freely distributed in any case.

0
source

More articles:


All Articles