Security Announcement
Understand how to secure your PHP web projects by moving public files into a dedicated subdirectory and setting the server's document root accordingly. This lesson helps you prevent accidental exposure of sensitive project files by properly organizing directories and configuring the PHP built-in server. By the end, you'll know how to keep private data inaccessible via browsers while serving only intended public resources.
We'll cover the following...
Project root should not be the document root
“Document root” means that any file inside this directory can be accessed from the browser. It’s normally not a good idea to let your project directory be the document root because there will always be files in your project that shouldn’t be publicly accessible.
Let’s create a new file called secret.txt in our project directory.
Copy the following text into the new secret.txt file:
MySeCrEtPaSsWoRd
If you go to http://APPLINK/secret.txt, you will ...