With 0.9.7 is it possible to have the manager as a subdomain via and separate context?
and is it possible to change the name of the manager, for example: mydomain.com/admin instead?
I’m running a single core/ located outside of my web server document root for maximum security (and managed by SVN directly), and several different configurations (different databases, caches, managers) from that single core successfully right now.wow, that sounds hyper secure - what’s the nature of the website that needs this much security? - or is it just because you can?
In fact, I’m running a single core/ located outside of my web server document root for maximum security (and managed by SVN directly), and several different configurations (different databases, caches, managers) from that single core successfully right now.
It would be unavailable to the web server directly, so any exploits depending on accessing a script would be rendered useless on everything stored in the core. Of course, sloppy programming could still lead to vulnerabilities despite having the files unavailable to the web server document root, but that is always the case regardless and it never hurts to make it that much harder to exploit.
Quote from: OpenGeek at Dec 04, 2007, 03:13 AM
In fact, I’m running a single core/ located outside of my web server document root for maximum security (and managed by SVN directly), and several different configurations (different databases, caches, managers) from that single core successfully right now.
i have a little information about security, would someone tell me how locating the core to outside of document web root cause more security?
<?php define('MODX_CORE_PATH', '/bla/blabla/blablabla/bla/12345/domains/firstdomain.com/html/manager'); define('MODX_CONFIG_KEY', 'config'); ?>
It should have also extracted index.php to this location. I assume you got the advanced package? It is the only package that is meant for deploying the reference contexts into custom locations. And I assume that you did not select "files already in place" on the installation options page? This would only apply if you didn’t change the default locations.
After changing the web context path I was expecting to be able to go to otherdomain.com and be able to view the document with ID 1 - but instead I get a 403 Forbidden page error and fins a config.core.php file at its location containing:
<?php define('MODX_CORE_PATH', '/bla/blabla/blablabla/bla/12345/domains/firstdomain.com/html/manager'); define('MODX_CONFIG_KEY', 'config'); ?>
I was quite pleased that MODx had been able to put a file somewhere completely different on my sever, but otherdomain.com wasn’t showing the website, instead firstdomain.com/ was showing the web context, and also firstdomain.com/manager was showing the manager context.
All AJAX manager requests are routed through the connectors context, and it can serve as a general purpose context for allowing custom interfaces to take the same actions as can be made in the reference manager implementation that is provided. And the purpose is the same as the rest, to allow the physical location to be customized for whatever reason.
Also, what is the AJAX Context, and what would the purpose of changing its location be?
You can either copy the index.php and config.core.php to this location and modify it to load the specific context in the $modx->initialize(’web’) statement, or you can serve the domain from a single location and use a plugin to detect the http_host and then use $modx->switchContext(’myCustomContext’); to dynamically change it. Please note there are significant improvements in this functionality in recent revisions (after alpha 3).
Finally, once I’m in the manager I can add a totally new context, such as thirddomain.com, which I can then start adding documents into - but how can I make /bla/blabla/blablabla/bla/12345/domains/thirddomain.com/html/ load this context?
It should have also extracted index.php to this location. I assume you got the advanced package? It is the only package that is meant for deploying the reference contexts into custom locations. And I assume that you did not select "files already in place" on the installation options page? This would only apply if you didn’t change the default locations.