Chapter 13. Separate Public and Non-Public Resources

At this point we have made major strides in reorganizing the core of our legacy application. However, the surrounding architecture still leaves much to be desired.

Among other things, our entire application is still embedded in the document root. This means that we need special protections on resources we intend to keep private, or that we need to rely on obscurity to make sure that clients do not browse to resources not intended to be public. Errors in web server configuration—or failure to attend to specific security measures—may reveal parts of our application to the public.

As such, our next step is to extract all public resources to a new document root. This will keep the non-public resources ...
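An added example, not from the book: a small audit that lists the files under the current document root that are not meant to be requested directly, and so depend on web server configuration to stay private. The allow-list of public extensions, the entry-point name, and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: file types a browser is expected to request directly.
PUBLIC_EXTENSIONS = {".css", ".js", ".png", ".jpg", ".gif", ".ico", ".svg"}
# Assumption: the only PHP script meant to be reached by URL (path relative to docroot).
PUBLIC_ENTRY_POINTS = {"index.php"}

# Constructed sample of a legacy layout where everything lives in the document root.
SAMPLE_TREE = [
    "index.php", "css/site.css", "js/app.js", "images/logo.png",
    "config/database.php", "classes/Domain/Users.php", "backup/dump.sql", ".env",
]


def audit_docroot(docroot):
    """Return sorted relative paths under docroot that are not intended to be public."""
    non_public = []
    for current, _dirs, files in os.walk(docroot):
        for name in files:
            rel = os.path.relpath(os.path.join(current, name), docroot)
            rel = rel.replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if rel in PUBLIC_ENTRY_POINTS or ext in PUBLIC_EXTENSIONS:
                continue  # intended to be served
            non_public.append(rel)  # reachable unless the server is told otherwise
    return sorted(non_public)


def build_sample_tree(root):
    """Create the constructed sample layout as empty files under root."""
    for rel in SAMPLE_TREE:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("")


def demo():
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_docroot(root)


if __name__ == "__main__":
    for path in demo():
        print("non-public file inside document root:", path)
```

Every path the audit reports is a candidate for moving outside the document root once the public resources have been extracted.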
