Edward Posted April 20, 2012 Share Posted April 20, 2012 Usually when i created a Yii app on the localhost, i have this arrangement C:/xampp/htdocs/yii-1.1.10 C:/xampp/htdocs/testapp (testapp being generated by Yiic at the Yii application) I can see that this folder yii-1.1.10 has to be there for the framework to be able to run as well at the yii files i have in the testapp which was generated. But if i install this on a hosting server i don't want to have to put www.mydomain.com/testapp/index.php to be able to run it i would prefer to run this from www.mydomain.com/index.php. So my question is it safe to have the yii-1.1.10 folder in the same area as the index.php for testapp. Or how should we go about doing this? Do we also need to change file permissions of every folder or is the way Yii default has them already okay? These may seem dumb questions but this is my first time with a live host. Link to comment Share on other sites More sharing options...
Larry Posted April 20, 2012 Share Posted April 20, 2012 Yes it's safe to put the Yii folder in the Web root directory. It just clutters up the directory, that's all. The permissions will be fine as is. 1 Link to comment Share on other sites More sharing options...
Edward Posted April 20, 2012 Author Share Posted April 20, 2012 Thanks ill just do that then, i will use Yiic to generate the app within the same directory as the Yii folder. Thanks Larry. PS I had quite a bit of work to do over the last few months, but now I'm onto this stuff everyday, so i will have loads of questions for you But i will do my best to help out others here that is if Hartley San doesn't beat me to it! The database chapters of yours have given me a lot more confidence, so i want to get some tables built live and see how i can configure these options with Yii just for fun. I also see all that same stuff now that was in Knowledge is power. I haven't done coffee shop yet, but plan to finish that when this book is done. Link to comment Share on other sites More sharing options...
Edward Posted April 20, 2012 Author Share Posted April 20, 2012 I managed to successfully install the yii on the server with the yii framework folder in the root folder. I have Linux Cent OS operation systme, when i installed it and tried to run the application i got one error: Application runtime path "/var/www/vhosts/mydomain.com/protected/runtime" is not valid. Please make sure it is a directory writable by the Web server process. The folder permissions were 755 as default, i changed this to 777 and then the application run, but i am concerned is this safe to have 777 on this runtime directory at all times? Link to comment Share on other sites More sharing options...
Edward Posted April 20, 2012 Author Share Posted April 20, 2012 I got more errors coming up here, did this happen to you Larry and is 777 okay to use. Is this issue with Cent OS? CAssetManager.basePath "/var/www/vhosts/mydomain.com/assets" is invalid. Please make sure the directory exists and is writable by the Web server process. Link to comment Share on other sites More sharing options...
Larry Posted April 20, 2012 Share Posted April 20, 2012 Those two directories need to be writable in order for the framework to write data there. It's a cost of doing business, so to speak. Link to comment Share on other sites More sharing options...
Edward Posted April 21, 2012 Author Share Posted April 21, 2012 Those two directories need to be writable in order for the framework to write data there. It's a cost of doing business, so to speak. Do all standard frameworks and web applications have folders like this to work? If the folder is open like that does it mean that an outside source could load up a php hack file into the directory and do server damage, or is there some protection against that with the Yii framework? Link to comment Share on other sites More sharing options...
Larry Posted April 21, 2012 Share Posted April 21, 2012 No, not all frameworks do this necessarily, but it's not uncommon. Yii does this to write assets to those folders for better performance. No outside source has access to your server at all. Only server users can do things on the server. Any potential security concern would be if, for example, you have a script that handles uploads and doesn't do a good job of making sure those uploaded files are safe. Link to comment Share on other sites More sharing options...
Ivo Posted May 4, 2012 Share Posted May 4, 2012 "No outside source has access to your server at all. Only server users can do things on the server. Any potential security concern would be if, for example, you have a script that handles uploads and doesn't do a good job of making sure those uploaded files are safe." For a while now, I have been trying to get a better understanding of (Apache) webservers, file-permission, owners, groups and users. I checked with some experienced PHP-programmers (which I am not) and even they had to fess up that they did not really know. For example, I am unclear how much of this security is hoster-specific. (I use Dreamhost myself). What would be a good source? Or do you have a book on this, already? Link to comment Share on other sites More sharing options...
Edward Posted May 5, 2012 Author Share Posted May 5, 2012 In Larry Ullman's Effortless E-commerce book there is examples of file-permissions and more in depth security talk. Larry's web site coffee shop in the 2nd part of the book would be great to work through for the experience. But generally speaking you will not find any better books on the market for learning web development than Larry's. So it would be wise to purchase some of them now, or spend more time learning the hard way. You will find them all on Amazon.com Link to comment Share on other sites More sharing options...
Recommended Posts