
I understand that best security practices indicate I should move my sensitive PHP files (such as those that contain connection information) out of the web server root, which in my case is /var/www/html.

But to where? What directory is the industry standard or best practice? For now, I have created a directory for the PHP include_path under /var/www, so that my include_path is var/www/php_incudes. But I am not sure that is the best place.

My environment is Ubuntu Linux running Apache 2 and PHP 8.2.21.

Thank you.

2 Answers


  1. Most of the time you will see a PHP project live in any folder. Personally I had mine in /opt. But a project (like Symfony) is created as follows:

    my_project/
    ├─ bin/
    │  └─ console
    ├─ config/
    │  ├─ packages/
    │  └─ services.yaml
    ├─ public/
    │  └─ index.php
    ├─ src/
    │  ├─ Controller/
    │  ├─ Entity/
    │  ├─ Repository/
    │  └─ Kernel.php
    ├─ templates/
    ├─ tests/
    ├─ translations/
    ├─ var/
    │  ├─ cache/
    │  └─ log/
    ├─ vendor/
    └─ .env
    

    In your Apache or nginx you set the entrypoint in the public folder so it won’t expose other files.
  2. To move out of the web root means to move to some place that is not web accessible, like /var/www/src if your index.php is located in /var/www/html.


    But consider this:

    Don’t set include_path at all and use your custom (or the one from Composer) autoloader for classes following the PSR-4 standard.

    Always provide the full path to your file_get_contents and other methods.

    That way you will always know that you are actually loading what you want instead of random files in include_path.
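Putting the two answers together, here is an added example (not code from either answer) of the layout they describe: Apache's DocumentRoot points at public/, and index.php loads the sensitive configuration by absolute path from a sibling directory the web server never serves. The project path /var/www/my_project, the file config/db.php and the keys it returns are assumptions.

```php
<?php
// public/index.php, the only directory Apache serves.
//
// Assumed Apache vhost for this layout (added example, not from the thread):
//   DocumentRoot /var/www/my_project/public
//   <Directory /var/www/my_project/public>
//       Require all granted
//   </Directory>
// Nothing above public/ is reachable over HTTP, so config/db.php can hold
// credentials without being downloadable.

declare(strict_types=1);

// Absolute paths derived from __DIR__, as the second answer suggests,
// instead of relying on include_path lookups.
$projectRoot = dirname(__DIR__);

// Composer's PSR-4 autoloader replaces include_path for class loading.
require $projectRoot . '/vendor/autoload.php';

// config/db.php lives outside the document root and returns an array, e.g.
//   <?php return ['dsn' => 'mysql:host=127.0.0.1;dbname=app',
//                 'user' => 'app', 'pass' => 'PLACEHOLDER'];
$configFile = $projectRoot . '/config/db.php';

// Defensive check: refuse to start if the config file sits under the served
// directory (for example because DocumentRoot was mis-set to the project root).
$docRoot    = realpath($_SERVER['DOCUMENT_ROOT'] ?? __DIR__);
$configPath = realpath($configFile);
if ($configPath === false || $docRoot === false
    || str_starts_with($configPath, $docRoot . DIRECTORY_SEPARATOR)) {
    http_response_code(500);
    exit('Configuration file must exist and live outside the document root.');
}

$dbConfig = require $configPath;

$pdo = new PDO($dbConfig['dsn'], $dbConfig['user'], $dbConfig['pass'], [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
```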