If you have no access to the Apache configuration, then I don't see how you can use the symfony framework securely. You *must* be able to define the web root of your virtual host for the symfony framework to be secure.
I'm sure there's a "hacky" way to get it to work with your setup. But you really need to use a host where you can properly configure your site. The "web" folder really needs to be your site root. If it's not, then your going to have all kinds of security issues. To help you further with these, we are going to need more specifics on your environment. We obviously know you are using apache, but: 1. What configuration options *do* you have access to. 2. Do you have a single directory (your web root) that you are allowed to upload files to? 3. If not, what directories can you upload files to? 4. Does your web host allow .htaccess overrides? 5. etc.. On Mon, May 31, 2010 at 12:29 PM, RedQueen <s.p.alle...@gmail.com> wrote: > And I tried the solution number 2 from Massimiliano Arione. He said to > copy the sf folder to web folder. I did it (I don't understand what > for but I did it) and what? NOTHING. > I still have to use URL like "www.my_page.com/web" and any stranger > can change the url to "www.my_page.com/apps" and visit my private > files. > If I add alias I have short URL like "www.my_page:8083.com" or > "www.stupid_alias.my_page.com" but on serwer I am in "web" folder. > I want the same without this unnessesary alias > > On 31 Maj, 19:19, RedQueen <s.p.alle...@gmail.com> wrote: > > The problem is I HAVE NO ACCESS TO APACHE.CONFIG. > > And thats why I dont want the alias :D > > > > On 31 Maj, 19:10, Donald Tyler <chekot...@gmail.com> wrote: > > > > > It sounds like you're just having trouble understanding how to setup a > site > > > in Apache. > > > > > If you can you post the apache configuration for your site, maybe I can > > > point you in the right direction. > > > > > On Mon, May 31, 2010 at 12:04 PM, RedQueen <s.p.alle...@gmail.com> > wrote: > > > > I still don't get it :/ > > > > I will try to explain more easy way what I want. So :D:D:D:D > > > > Lets start the basics. After we install the symfony 1.4 acording with > > > > tutorial on the symfony page we have few standard folders like "app", > > > > "config" or "web". Awesome :D > > > > When we will add the alias we can access to "web" folder ONLY!!! And > > > > it is great cause it is safe for my private data like password to > > > > database or anything else. > > > > Actually almost great.... Why?... Cause I WAN'T THE STUPID ALIAS!!! > > > > The problem is when I won't add the alias, any user can open for > > > > example "config/database.yml" file and read my private data. > > > > Who will B so patient to explain me STEP BY STEP or like for a child > > > > to understand this how to avoid to use alias but still have protected > > > > data in symfony folders except "web". Please > > > > > > On 31 Maj, 18:02, Massimiliano Arione <garak...@gmail.com> wrote: > > > > > The alias is needed only for the "sf" folder. > > > > > If you won't (or can't) use an alias, you can just copy "sf" folder > > > > > under your "web" folder > > > > > > > cheers > > > > > Massimiliano > > > > > > > On 31 Mag, 13:56, RedQueen <s.p.alle...@gmail.com> wrote: > > > > > > > > On the main page of Symfony we can find a lot of guides. And it > really > > > > > > help but sometime it dont answer all questions. One of this > question > > > > > > is "What if I don't want any alias?". All tutorials explain we > have to > > > > > > add few lines to apache config file to use the alias. But I dont > want > > > > > > any alias... I just want to write simple URL and get on my site. > What > > > > > > sohould I do? > > > > > > -- > > > > If you want to report a vulnerability issue on symfony, please send > it to > > > > security at symfony-project.com > > > > > > You received this message because you are subscribed to the Google > > > > Groups "symfony users" group. > > > > To post to this group, send email to symfony-users@googlegroups.com > > > > To unsubscribe from this group, send email to > > > > symfony-users+unsubscr...@googlegroups.com<symfony-users%2bunsubscr...@googlegroups.com> > <symfony-users%2bunsubscr...@googlegroups.com<symfony-users%252bunsubscr...@googlegroups.com> > > > > > > For more options, visit this group at > > > >http://groups.google.com/group/symfony-users?hl=en > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony users" group. > To post to this group, send email to symfony-users@googlegroups.com > To unsubscribe from this group, send email to > symfony-users+unsubscr...@googlegroups.com<symfony-users%2bunsubscr...@googlegroups.com> > For more options, visit this group at > http://groups.google.com/group/symfony-users?hl=en > -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
