Ok... I really appreciate your help mr Donald. So answer 1) I can add alias through special menager panel for the hosting server. (but I dont want alias), everything what I can do with my serwer I have to do through this menager panel. I can use FTP client to upload and download files. 2) On my serwer I have 3 folders: cgi-bin, requetes and www. Everything what is in "www" folder we can se through the browser with the easiest URL like www.my_page.com. Other folders are protected and there is no way to see the content of other folders through any browser. 3) I can upload files everywhere I want but like I said only files in "www" folder are visible in the browser. 4) I can use .htaccess
extra 5) I tried with .htaccess. I create .htaccess file next to "www" folder but didnt worked as I expected. So I moved it into "www" folder bot the same result. Content of the .htaccess file was at the first time: RewriteEngine on RewriteRule ^/$ /www/my_extra_folder/ and after I moved it into www folder: RewriteEngine on RewriteRule ^/$ /my_extra_folder/ And what can I say. Of course it redirect me to the "my_extra_folder" BUT the URL in the browser looked like this "www.my_page.com/ my_extra_folder". This mean that somebody can change the URL and get access to "www.my_page.com/apps/". Also I wrote a mail to the company which provides hosting services for me but I'm sure it is to late to get the answer today. I asked about a way to change the root folder on the server from "www" to "www/ my_folder". Maybe I will have to change the offer for more advanced. I have the cheapest offer so maybe I need something like PRO or higher. I hope mr Donald we will be in contact to explain this issue to the end :D:D:D I understand maybe today is too late but I hope tomorow we will continue it. If I can't do this on my server because it not allows me to change apache configuration maybe you will explain me how to understand this using localhost. I have installed Wamp server on my notebook. I'm using Windows 7 x86. On 31 Maj, 20:59, Donald Tyler <chekot...@gmail.com> wrote: > If you have no access to the Apache configuration, then I don't see how you > can use the symfony framework securely. You *must* be able to define the web > root of your virtual host for the symfony framework to be secure. > > I'm sure there's a "hacky" way to get it to work with your setup. But you > really need to use a host where you can properly configure your site. The > "web" folder really needs to be your site root. If it's not, then your going > to have all kinds of security issues. > > To help you further with these, we are going to need more specifics on your > environment. We obviously know you are using apache, but: > > 1. What configuration options *do* you have access to. > 2. Do you have a single directory (your web root) that you are allowed to > upload files to? > 3. If not, what directories can you upload files to? > 4. Does your web host allow .htaccess overrides? > 5. etc.. > > On Mon, May 31, 2010 at 12:29 PM, RedQueen <s.p.alle...@gmail.com> wrote: > > And I tried the solution number 2 from Massimiliano Arione. He said to > > copy the sf folder to web folder. I did it (I don't understand what > > for but I did it) and what? NOTHING. > > I still have to use URL like "www.my_page.com/web" and any stranger > > can change the url to "www.my_page.com/apps" and visit my private > > files. > > If I add alias I have short URL like "www.my_page:8083.com" or > > "www.stupid_alias.my_page.com" but on serwer I am in "web" folder. > > I want the same without this unnessesary alias > > > On 31 Maj, 19:19, RedQueen <s.p.alle...@gmail.com> wrote: > > > The problem is I HAVE NO ACCESS TO APACHE.CONFIG. > > > And thats why I dont want the alias :D > > > > On 31 Maj, 19:10, Donald Tyler <chekot...@gmail.com> wrote: > > > > > It sounds like you're just having trouble understanding how to setup a > > site > > > > in Apache. > > > > > If you can you post the apache configuration for your site, maybe I can > > > > point you in the right direction. > > > > > On Mon, May 31, 2010 at 12:04 PM, RedQueen <s.p.alle...@gmail.com> > > wrote: > > > > > I still don't get it :/ > > > > > I will try to explain more easy way what I want. So :D:D:D:D > > > > > Lets start the basics. After we install the symfony 1.4 acording with > > > > > tutorial on the symfony page we have few standard folders like "app", > > > > > "config" or "web". Awesome :D > > > > > When we will add the alias we can access to "web" folder ONLY!!! And > > > > > it is great cause it is safe for my private data like password to > > > > > database or anything else. > > > > > Actually almost great.... Why?... Cause I WAN'T THE STUPID ALIAS!!! > > > > > The problem is when I won't add the alias, any user can open for > > > > > example "config/database.yml" file and read my private data. > > > > > Who will B so patient to explain me STEP BY STEP or like for a child > > > > > to understand this how to avoid to use alias but still have protected > > > > > data in symfony folders except "web". Please > > > > > > On 31 Maj, 18:02, Massimiliano Arione <garak...@gmail.com> wrote: > > > > > > The alias is needed only for the "sf" folder. > > > > > > If you won't (or can't) use an alias, you can just copy "sf" folder > > > > > > under your "web" folder > > > > > > > cheers > > > > > > Massimiliano > > > > > > > On 31 Mag, 13:56, RedQueen <s.p.alle...@gmail.com> wrote: > > > > > > > > On the main page of Symfony we can find a lot of guides. And it > > really > > > > > > > help but sometime it dont answer all questions. One of this > > question > > > > > > > is "What if I don't want any alias?". All tutorials explain we > > have to > > > > > > > add few lines to apache config file to use the alias. But I dont > > want > > > > > > > any alias... I just want to write simple URL and get on my site. > > What > > > > > > > sohould I do? > > > > > > -- > > > > > If you want to report a vulnerability issue on symfony, please send > > it to > > > > > security at symfony-project.com > > > > > > You received this message because you are subscribed to the Google > > > > > Groups "symfony users" group. > > > > > To post to this group, send email to symfony-users@googlegroups.com > > > > > To unsubscribe from this group, send email to > > > > > symfony-users+unsubscr...@googlegroups.com<symfony-users%2bunsubscr...@googlegroups.com> > > <symfony-users%2bunsubscr...@googlegroups.com<symfony-users%252bunsubscr...@googlegroups.com> > > > > > > For more options, visit this group at > > > > >http://groups.google.com/group/symfony-users?hl=en > > > -- > > If you want to report a vulnerability issue on symfony, please send it to > > security at symfony-project.com > > > You received this message because you are subscribed to the Google > > Groups "symfony users" group. > > To post to this group, send email to symfony-users@googlegroups.com > > To unsubscribe from this group, send email to > > symfony-users+unsubscr...@googlegroups.com<symfony-users%2bunsubscr...@googlegroups.com> > > For more options, visit this group at > >http://groups.google.com/group/symfony-users?hl=en -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
