I’m working on an open source VueJS web application (with user authentication). I’d like it to be as simple to set up as possible for people when they download it from my GitHub page, so I figured I could use SQLite for a database and call PHP files in order to handle the data between the Frontend and the Database.
I searched around and the best I found for my case was this YouTube video, but I’m not entirely sure if the way the person in it sets up the PHP files is secure / correct.
For the sake of argument, let’s suppose this is my file structure:
If I want a folder like this one:
Where should I put it? Outside htdocs? Inside? If it’s the latter, am I supposed to use the “Directory Privacy” thing-y in the cPanel to restrict access to the server folder? If so, would you still be able to make HTTP requests to the PHP files - doing this, is that even secure?
Haven’t really gotten much experience with web applications. Any help would be appreciated!
First of all, the server folder would have to go inside htdocs; accessing files outside of this folder is strictly forbidden. The PHP code inside the folders would be hidden anyway, so you wouldn’t have to worry about that. I have never worked with SQLite before, so I can’t tell you what people would see.
Protecting your SQLite database against public access is a very good idea, because you definitely don’t want people to be able to download it. But uploading files outside the htdocs directory is not possible, and PHP can’t access files there either, so that’s not an option.
The setup in your second screenshot works very well for this. In that situation, you can just create a file with the name .htaccess in the db folder with the contents Require all denied and nobody will be able to access that database through a browser.
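A pre-upload check for the .htaccess approach described in the reply above, added here as an example and not part of the original thread: it walks a local copy of htdocs, finds SQLite files by their header, and lists any that have no `Require all denied` rule in their own folder or a parent folder. The folder and file names in `build_sample` are constructed, and the check assumes the host honours .htaccess files and that no deeper .htaccess re-grants access.

```python
import os
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # 16-byte header of every SQLite 3 file

def is_sqlite(path):
    """Identify a database by its header rather than its extension."""
    try:
        with open(path, "rb") as fh:
            return fh.read(16) == SQLITE_MAGIC
    except OSError:
        return False

def denies_all(htaccess):
    """True if the file holds an uncommented 'Require all denied' line."""
    try:
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            return any(l.lower().split() == ["require", "all", "denied"] for l in fh)
    except OSError:
        return False

def exposed_databases(docroot):
    """SQLite files with no deny rule in their folder or a parent up to docroot."""
    docroot = os.path.realpath(docroot)
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            if not is_sqlite(path):
                continue
            folder = dirpath
            while not denies_all(os.path.join(folder, ".htaccess")):
                if folder == docroot:  # reached the top without a deny rule
                    exposed.append(os.path.relpath(path, docroot))
                    break
                folder = os.path.dirname(folder)
    return sorted(exposed)

def build_sample(root):
    """Constructed layout: a protected server/db and an unprotected uploads copy."""
    for folder in ("server/db", "server/api", "uploads"):
        os.makedirs(os.path.join(root, folder))
    for db in ("server/db/app.sqlite", "uploads/backup.db"):
        with open(os.path.join(root, db), "wb") as fh:
            fh.write(SQLITE_MAGIC + b"\x00" * 84)
    with open(os.path.join(root, "server/db/.htaccess"), "w") as fh:
        fh.write("Require all denied\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(exposed_databases(tmp))
```

This is a static check of the files only; after uploading, requesting the database URL in a browser and getting a 403 response confirms the rule is actually being applied.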