I’ve read some article about deploying a website to a host. It has something like cPanel and we put all the source code into the public_html folder. And we can access those file using hostname.com/index.html will be pointed to /public_html/index.html file. My question is:
-
In this case, people can totally access all my source code file inside the public_html directory? It’s too dangerous
-
By the way, some modern web design today is not access page through a file, it’s instead by route. For example with Java spring MVC project: if I design a route hostname.com/users will return a page with all user, hostname.com/user/1 will return a json with user no.1. Those are all accessed by url route so how can I deploy that website in cPanel.
Please explain to me if anyone knows. Thank you.
2
Answers
To answer your first question, no. Not technically. Static items such as HTML/CSS/Javascript/Media Files can be accessed if they know the URL (Or you leave the indexing option enabled. Use .htaccess to disable that). PHP files are safe. The only thing people would be able to see is the OUTPUT of those. I would recommend using PHP when creating websites if possible.
You can achieve similar results to your second question be utilizing the .htaccess file and it’s rewrite properties. You can also use PHP’s POST/GET methods to handle events like you’re suggesting.
I hope this helps!
Take a look at the file permissions settings available in cPanel on LAMP:
You have Owner, Group, & World settings each with read, write, & execute values that can enable fine grained permissions on code, files, & folders on production web servers.