  1. CiviCRM
  2. CRM-3998

Standalone installations should expose a minimum of code to the web server

    Details

    • Type: Improvement
    • Status: Done/Fixed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 2.0, 2.1.2, 2.1.4, 2.1
    • Fix Version/s: 3.0
    • Component/s: Standalone CiviCRM
    • Labels:
      None

      Description

      When installing a standalone installation of CiviCRM, the installer and the installation instructions should be reworked so that you only put the standalone/ directory in the docroot of the web server. Things that absolutely must be exposed could be symlinked in there by the installer (though that makes Windows installations a bit tricky).

      Currently way too much potentially exploitable code is exposed to the web. We should minimize that for 2.3. We should have a clearly defined list of which directories are exposed to the web and which are not.

      This has the added bonus of shortening the URLs (because it doesn't need "standalone" in all of them), which is more important than you might think to many organizations (including mine) who regularly advertise and/or e-mail out our URLs to folks.

            People

            • Assignee:
              lobo Donald A. Lobo
              Reporter:
              cap10morgan Wes Morgan

              Dates

              • Created:
                Updated:
                Resolved:
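
One way to check the "clearly defined list" of exposed directories that the description asks for, as an added example that is not part of the original issue or of CiviCRM's code: a Python audit that compares a docroot against an allowlist and flags symlinks that resolve outside approved directories. The directory names and layout below are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

def audit_docroot(docroot, allowed_entries, allowed_targets):
    """Return (kind, path) findings for a docroot checked against an allowlist.

    allowed_entries: top-level names permitted inside the docroot.
    allowed_targets: directories outside the docroot that symlinks may resolve into.
    """
    docroot = Path(docroot).resolve()
    targets = [Path(t).resolve() for t in allowed_targets]
    findings = []
    for entry in sorted(docroot.iterdir()):
        if entry.name not in allowed_entries:
            findings.append(("unlisted", entry.name))
    # Linked trees are not descended into; each symlink's final target is checked.
    for root, dirs, files in os.walk(docroot):
        for name in sorted(dirs + files):
            path = Path(root) / name
            if not path.is_symlink():
                continue
            real = path.resolve()
            if real.is_relative_to(docroot):
                continue  # link stays inside the docroot
            if not any(real.is_relative_to(t) for t in targets):
                findings.append(("symlink-escape", str(path.relative_to(docroot))))
    return findings

def demo():
    """Constructed layout: a small docroot with application code kept outside it."""
    base = Path(tempfile.mkdtemp()).resolve()
    code = base / "app-code"    # hypothetical: code the web server must not serve
    docroot = base / "docroot"  # hypothetical: the only directory that is served
    (code / "assets").mkdir(parents=True)
    (code / "lib").mkdir()
    docroot.mkdir()
    (docroot / "index.php").write_text("<?php // front controller\n")
    (docroot / "assets").symlink_to(code / "assets")  # approved exposure
    (docroot / "lib").symlink_to(code / "lib")        # not on the approved list
    (docroot / "backup.sql").write_text("-- stray file\n")
    return audit_docroot(docroot, {"index.php", "assets"}, [code / "assets"])

if __name__ == "__main__":
    for kind, path in demo():
        print(kind, path)
```

Requires Python 3.9 or later for `Path.is_relative_to`, and a platform where the user may create symlinks.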