Jump to content
Larry Ullman's Book Forums

Yii-1.1.10 On Web Server


Edward
 Share

Recommended Posts

Usually when i created a Yii app on the localhost, i have this arrangement

 

C:/xampp/htdocs/yii-1.1.10

C:/xampp/htdocs/testapp (testapp being generated by Yiic at the Yii application)

 

I can see that this folder yii-1.1.10 has to be there for the framework to be able to run as well at the yii files i have in the testapp which was generated. But if i install this on a hosting server i don't want to have to put www.mydomain.com/testapp/index.php to be able to run it i would prefer to run this from www.mydomain.com/index.php. So my question is it safe to have the yii-1.1.10 folder in the same area as the index.php for testapp. Or how should we go about doing this? Do we also need to change file permissions of every folder or is the way Yii default has them already okay? These may seem dumb questions but this is my first time with a live host.

Link to comment
Share on other sites

Thanks ill just do that then, i will use Yiic to generate the app within the same directory as the Yii folder. Thanks Larry.

 

PS I had quite a bit of work to do over the last few months, but now I'm onto this stuff everyday, so i will have loads of questions for you :D But i will do my best to help out others here that is if Hartley San doesn't beat me to it!

 

The database chapters of yours have given me a lot more confidence, so i want to get some tables built live and see how i can configure these options with Yii just for fun. I also see all that same stuff now that was in Knowledge is power. I haven't done coffee shop yet, but plan to finish that when this book is done.

Link to comment
Share on other sites

I managed to successfully install the yii on the server with the yii framework folder in the root folder. I have Linux Cent OS operation systme, when i installed it and tried to run the application i got one error:

 

Application runtime path "/var/www/vhosts/mydomain.com/protected/runtime" is not valid. Please make sure it is a directory writable by the Web server process.

 

The folder permissions were 755 as default, i changed this to 777 and then the application run, but i am concerned is this safe to have 777 on this runtime directory at all times?

Link to comment
Share on other sites

I got more errors coming up here, did this happen to you Larry and is 777 okay to use. Is this issue with Cent OS?

 

CAssetManager.basePath "/var/www/vhosts/mydomain.com/assets" is invalid. Please make sure the directory exists and is writable by the Web server process.

Link to comment
Share on other sites

Those two directories need to be writable in order for the framework to write data there. It's a cost of doing business, so to speak.

 

Do all standard frameworks and web applications have folders like this to work? If the folder is open like that does it mean that an outside source could load up a php hack file into the directory and do server damage, or is there some protection against that with the Yii framework?

Link to comment
Share on other sites

No, not all frameworks do this necessarily, but it's not uncommon. Yii does this to write assets to those folders for better performance.

 

No outside source has access to your server at all. Only server users can do things on the server. Any potential security concern would be if, for example, you have a script that handles uploads and doesn't do a good job of making sure those uploaded files are safe.

Link to comment
Share on other sites

  • 2 weeks later...

"No outside source has access to your server at all. Only server users can do things on the server. Any potential security concern would be if, for example, you have a script that handles uploads and doesn't do a good job of making sure those uploaded files are safe."

 

For a while now, I have been trying to get a better understanding of (Apache) webservers, file-permission, owners, groups and users. I checked with some experienced PHP-programmers (which I am not) and even they had to fess up that they did not really know.

 

For example, I am unclear how much of this security is hoster-specific. (I use Dreamhost myself).

 

What would be a good source? Or do you have a book on this, already?

Link to comment
Share on other sites

In Larry Ullman's Effortless E-commerce book there is examples of file-permissions and more in depth security talk. Larry's web site coffee shop in the 2nd part of the book would be great to work through for the experience. But generally speaking you will not find any better books on the market for learning web development than Larry's. So it would be wise to purchase some of them now, or spend more time learning the hard way. You will find them all on Amazon.com ^_^

Link to comment
Share on other sites

 Share

×
×
  • Create New...