Moving sensitive files outside the web root

Using symlinks?

Can the same kind of security not be reached using a symlink on *nix systems? So you place the configuration.php above the webroot and place a symlink from the original position to the new place of the configuration.php?

Symlinks defeat this.[edit]

Normally, web servers will follow symlinks. (although this is configurable on most web servers.)

If you move files out of the web root and make a symlink to them the files are still readable by the world.

The advantage of moving read only files out of the web root and making a symbolic link to them is that it allows you to segment your auditing of your server, and allows things as simple as find -type f to locate all files to be audited after a suspected intrusion.

Further more, symlinks can cause certain attacks to fail as they are based on assumptions that are not true.

I am a big fan of symlinks, but they are no substitute for not allowing access to the files in question.

Discussion on the forum[edit]

Moving the reference to the discussion on the forum over to this page. Thread on the forum: forum topic

Talk

Moving sensitive files outside the web root

From Joomla! Documentation

Revision as of 11:05, 4 April 2011 by Realityking (talk | contribs) (→‎Discussion on the forum: new section)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Symlinks defeat this.[edit]

Discussion on the forum[edit]

Talk

Moving sensitive files outside the web root

From Joomla! Documentation

Revision as of 11:05, 4 April 2011 by Realityking (talk | contribs) (→‎Discussion on the forum: new section)(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Symlinks defeat this.[edit]

Discussion on the forum[edit]

Revision as of 11:05, 4 April 2011 by Realityking (talk | contribs) (→‎Discussion on the forum: new section)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)