1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.1 Things XenForo writes to filesystem

Discussion in 'XenForo Questions and Support' started by digitalpoint, Oct 29, 2011.

  1. digitalpoint

    digitalpoint Well-Known Member

    As far as I can see, XenForo only writes templates (when you are set to save them as PHP files) and avatars to the file system normally, right?

    Just want to make sure I'm not missing anything so I can setup security, permissions and multi-web server syncing properly.
     
  2. Mike

    Mike XenForo Developer Staff Member

    Anything can be written to the file system into the data and internal_data directories. Data is accessed directly by the web server, internal_data isn't. So that includes things like attachments, attachment thumbs, avatars, some temp storage, templates as files, things add-ons might right, and general future things.
     
  3. digitalpoint

    digitalpoint Well-Known Member

    So would it be safe to block PHP execution within the data directory? I hate having the web server "user" have the ability to write anything/anywhere (purely from a security standpoint). So if someone was able to get the web server to write a nasty PHP file to the data directory somehow, I could at least prevent it from executing...
     
    Rigel Kentaurus likes this.
  4. Mike

    Mike XenForo Developer Staff Member

    That would be fine. You can do the same with the internal data directory as well or you can move it outside of the web root via config.php.
     

Share This Page