Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Public Area #30

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
+111 −0
Draft

Public Area #30

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
938f1ba
Initial commit
nibra Jan 21, 2022
0e8184c
Merge remote-tracking branch 'origin/master' into public-area
nibra Aug 13, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 66 additions & 0 deletions proposed/public-area-meta.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
# Public Area Meta Document

## 1. Summary

Separate server side code from publicly accessible assets.

## 2. Why Bother?

The simplest and safest way to avoid access to arbitrary files and to restrict access only to specific files is to have
a separate directory for public files. This approach has the advantage that it works independently of the web server
used and requires no further configuration other than setting the document root.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If it can't be applied to all hosts then why bother

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

because we support different environments and the more "professional" you go the more options you have to secure your setup

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for calling me an amateur who doesnt secure their webspace

## 3. Scope

### 3.1 Goals

### 3.2 Non-Goals

## 4. Approach

On some shared hosts it might not be possible to move DocumentRoot to a directory of the webspace. Therefore, the public
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On MOST shared hosts .... directory above the webspace ...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it could also be possible to move the application anywhere above the documentroot or below it, or beside. Like:

Application (Everything except (admin)index.php, updater, media-folder, images-folder)

webroot/../local/, webroot/
webroot/private/ (protected by .htaccess), webroot/
webroot/private/, webroot/public/ (redirected by .htaccess)

Does this make sense? It seems webhosts allow to move the documentroot around, especially if it's not on a shared host.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Most Joomla sites are on some form of shared host

area must be optional. At the very least, there must be a way to put the public files in the webroot instead of in a
separate directory.
This has to be documented accordingly.

## 5. Design Decisions

* Introduce a config variable for the location of the public directory. The default value for updates is '/', for new
installations it is '/public/'.
Copy link
Member

@Fedik Fedik Jan 21, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couple question:
This should to be defined before installation or after?
Is it good idea to make configurable while installation?

Not sure what is best way

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should to be defined before installation or after?

Ideally both - consider re-installing a backup on a new host with different capabilities.

Is it good idea to make configurable while installation?

Yes, I think so. We'll find out how this best is done, once we start working on this. There are a lot of subtleties to consider that I may not have thought of at the moment.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in the end it should be one or two configuration options.

* Make the path available through `JPATH_PUBLIC`.
* If the public directory gets changed, corresponding files and directories are moved:
* administrator/index.php
* api/index.php
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and installation/index.php

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, probably...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That depends how we can manage to do it, because also the updater is effected and extension installations an so on. Maybe you extract the complete joomla as normal to your public webspace and select the target directories for public and private parts in the installation process.

* media/
* index.php
* .htaccess
* robots.txt
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The list is incomplete. Since 4.0 and the introduction of the filesystem-local plugin a user could create a root directory which essentially is a public directory similar to images. This needs to be acknowledged and any changes should also affect any such user created folders

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would really help, if you could complete the list... TIA!

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

its a user-created area - so @dgrammatiko might create one called brussels and I might create one called leeds

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe something like

* If the public directory gets changed, corresponding files and directories are moved:
  * administrator/index.php
  * api/index.php
  * media/
  * index.php
  * .htaccess
  * robots.txt
  * All the folders used in the Filesystem-Local plugin (default: images)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

actually the images folder which is selected must be part of the "public" folder, so things like
adding images to this list makes no sense because we need a physical public folder which would hold the images (or better media files) add in the the plugin.

That means, a comment should be added that explains that the filesystem-local folder have to be locked to the public folder. (I'm not sure if it's lock to the joomla root folder atm, if so then it have to be locked to the public folder)

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if it's lock to the joomla root folder atm, if so then it have to be locked to the public folder

It is locked to JPATH_ROOT

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also I'm not sure I get the plan for the Joomla update. Currently the JPATH_ROOT . '/administrator/components/com_joomlaupdate/extract.php' is a standalone entry point that requires direct access. If somehow the JPATH_PUBLIC . 'index.php' will have to require that file the functionality needs to happen WITHOUT booting any of the libraries/Application/... or any other system files. In sort I think the extract needs to also live in the public folder (maybe as update.php that will require_once the extract.php, or some similar functionality)


> The moved files might need some adjustments.

## 6. People

### 6.1 Editor(s)

* Niels Braczek, <[email protected]>

### 6.2 Sponsors

* N/A

### 6.3 Contributors

* N/A

## 7. Votes

* **Entrance Vote:** _(not yet taken)_
* **Acceptance Vote:** _(not yet taken)_

## 8. Relevant Links

_**Note:** Order descending chronologically._

## 9. Errata

...
45 changes: 45 additions & 0 deletions proposed/public-area.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
# \<Subject>

This document describes ...

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
interpreted as described in [RFC 2119][].

[RFC 2119]: http://tools.ietf.org/html/rfc2119

### References

- [RFC 2119][]: Key words for use in RFCs to Indicate Requirement Levels

## 1. Specification

### 1.1 Spec A

### 1.2 Spec B

## 2. Interfaces

### 2.1 Interface A

The following interface MUST be implemented by compatible ...

```php
namespace ...;

interface ...
{
}
```

### 2.2 Inteface B

The following interface MUST be implemented by compatible ...

```php
namespace ...;

interface ...
{
}
```