Hellou, i have stupid Apache hosting with access only in webserver webroot directory - i can not upload a "vendor" and "app" folder to a non-public directory.
How can I best secure "vendor" and "app" folder in public directory?
It is enough .htaccess with "Deny from all" or … ?
(sorry for my bad English)
Here, take a look at this, made especially for people in a situation like the one you’re in: https://github.com/kartik-v/yii2-app-practical-b
Thanks, but there is "vendor" folder completely public.
And on page "http://www.yiiframework.com/download/" is: Install from an Archive File - Download one of the following archive files, and then extract it to a Web-accessible folder.
So result - "vendor" folder can be public and ".htaccess" with "Deny from all" in "vendor" folder is unnecessary?
Is that really true?
That’s what you said: your stupid webhosting only allows you to upload vendor and app folder to public directories.
I suggest that you actually check out the application template that I linked to because it is made for situations like yours.
And, yes: it uses a htaccess.