Security Announcement

Always make sure that the project root is not the document root.

Project root should not be the document root

“Document root” means that any file inside this directory can be accessed from the browser. It’s normally not a good idea to let your project directory be the document root because there will always be files in your project that shouldn’t be publicly accessible.

Let’s create a new file called secret.txt in our project directory. Copy the following text into the new secret.txt file:

Create a free account to view this lesson.

By signing up, you agree to Educative's Terms of Service and Privacy Policy