I have set up my own AMP stack on my local machine and am playing around with web application development. I am researching various best practices in secure application development, and I see constant references to the term "web root".
For example:
Make sure you store the file outside of the web root
I more or less understand, however, I am slightly confused. Consider the WebServer directory in OS X:
/Library
|
|--WebServer
   |
   |--CGI-Executables
   |
   |--share
   |
   |--Documents
      |--index.html.en
      |--MyWebApp
         |
         |--myFile1.html
         |--myFile2.js
         |--myFile3.php
The term seems to suggest that the web root is at the MyWebApp directory. However, wouldn't anything under 'Documents' be visible, or even anything under WebServer? Maybe not, because when I remove index.html.en and navigate to localhost/ in my browser, I get a 403 error.
What is meant by the "web root"?
Web root is the first directory that can be accessible by the web. Usually it is called /public_html. You can define directories at the same level or higher with data that is used in your website (e.g. images, cache memory...).
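An added example, not part of the original question or answer: a small audit that lists which URLs a document root would serve and checks whether a file meant to live outside the web root is still reachable through a symlink inside it. It rebuilds the question's layout in a temporary directory; the `private` directory and `config.ini` are hypothetical names, and it assumes the server follows symlinks and has no aliases or rewrite rules.

```python
import os
import tempfile

def served_files(doc_root):
    """Map URL path -> real file for every file reachable under doc_root.

    Assumption: the server follows symlinks and has no aliases or rewrites.
    """
    root = os.path.abspath(doc_root)
    served, seen = {}, set()
    for dirpath, dirnames, filenames in os.walk(root, followlinks=True):
        real_dir = os.path.realpath(dirpath)
        if real_dir in seen:      # same real directory already walked
            dirnames[:] = []      # (this also stops symlink loops)
            continue
        seen.add(real_dir)
        for name in filenames:
            logical = os.path.join(dirpath, name)
            url = "/" + os.path.relpath(logical, root).replace(os.sep, "/")
            served[url] = os.path.realpath(logical)
    return served

def urls_exposing(doc_root, file_path):
    """URLs that would return file_path; an empty list means not exposed."""
    target = os.path.realpath(file_path)
    return sorted(u for u, real in served_files(doc_root).items()
                  if real == target)

def demo():
    """Build a constructed copy of the question's layout and audit it."""
    base = tempfile.mkdtemp()
    doc_root = os.path.join(base, "WebServer", "Documents")
    app = os.path.join(doc_root, "MyWebApp")
    private = os.path.join(base, "WebServer", "private")  # hypothetical dir
    os.makedirs(app)
    os.makedirs(private)
    secret = os.path.join(private, "config.ini")          # hypothetical file
    for path in (os.path.join(doc_root, "index.html.en"),
                 os.path.join(app, "myFile3.php"), secret):
        open(path, "w").close()
    before = urls_exposing(doc_root, secret)        # stored outside the root
    os.symlink(private, os.path.join(app, "conf"))  # link placed inside it
    after = urls_exposing(doc_root, secret)
    return sorted(served_files(doc_root)), before, after

if __name__ == "__main__":
    pages, before, after = demo()
    print("served:", pages)
    print("before symlink:", before, "after symlink:", after)
```

With `Documents` as the document root, `myFile3.php` is served as `/MyWebApp/myFile3.php`, while the sibling `private` directory has no URL at all until something inside the root links to it.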