I'm not sure where to post this, but I feel that since I have gone through this scenario, I'm sure others out there would face the same. To contribute towards the community, I want to share my experiences:
Request to Developer -
My Scenario -
My Workaround -
That's it! I suppose another method of doing this will be through your htaccess (I haven't tried this) or if you have ssh access to your cPanel (most of the time if you're just hosting websites, you don't), you can modify the virtual hosts file to reflect the public folder of Grocy.
If anyone else has anything to add / modify / remove to this, please do.
Hope this could be useful to someone out there!
Great that grocy is useful for you and thanks for sharing your experience with the cPanel installation. :)
I don't really know what I should do about that...
So be careful about your setup that https://your-domain-name/grocy/data/grocy.db does not serve the database file, I don't think that you want that...
Sure, no problem, glad to be of some assistance.
Ah, I see your point now! Unfortunately, I'm from an Infrastructure background so I wouldn't have any idea on how to do this. There are a few apps (PHPIPAM, WORDPRESS amongst others) that I have running that however don't point to a public folder, but the difference I notice here is that they are all using a php/mysql architecture. So that could be one method, but in all of them, they have a configuration file which we must edit (for example SQL Connection details) but I won't know how they build security around the folders that these configuration type files reside in. These config files cannot be exposed to the WWW.
You brought up a very valid point on exposing the grocy.db file. I'm assuming that by disabling the directory listing feature of the web server, malicious users will not be able to download the file? I'm not sure on this, I could secure it more by using an htaccess file I suppose or by writing a script to request a username / password to access the folder. Honestly, I think malicious users have better things to hack away at rather than trying to find out when my groceries are going to expire :) but I could be wrong!
Keep up the good work mate, I'm sure you must have plenty of compliments for your system, it really is well thought out, structured and feature rich with just what I require! No more fights on chores or throwing away expired products!
I would say that this just prevents directory listing, not the download of an explicit file. Using .htaccess rules (for Apache, other ways for other webservers) would be the only way to prevent this, I think.
WordPress does this by putting an empty .php file in each directory, to prevent file listing. But it's possible (for the default file structure) to serve any file in the wp-* folders when explicitly provided.
I agree, but it should be safe, regardless of how sensitive the data is, in my opinion...
Thank you again. :)
Oh yes, very true! Haven't we all played that Excel game :)
So I got quite a few points from your reply, which I learnt and will need a bit more research from my end. I will post updates to this thread as and when I dig a little deeper.
Well, it's been a pleasure and I truly hope that you will continue to make such wonderful systems that will not only solve your problems, but ours as well :)
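Added example (not part of the original thread and not grocy's own code): the point made above, that turning off directory listing does not stop a request for an explicit file such as data/grocy.db, checked against a local test server. The names NoListingHandler, probe and demo and the stand-in file contents are constructed for this illustration.

```python
import http.server
import os
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 file

class NoListingHandler(http.server.SimpleHTTPRequestHandler):
    """Static file server with directory listing turned off."""
    def list_directory(self, path):
        self.send_error(403, "Directory listing disabled")
        return None

    def log_message(self, *args):  # keep the demo quiet
        pass

def probe(url):
    """GET url and return (status, body_starts_with_sqlite_header)."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.status, resp.read(16) == SQLITE_MAGIC
    except urllib.error.HTTPError as err:
        return err.code, False

def demo():
    """Serve a constructed grocy-like tree on localhost and probe it."""
    with tempfile.TemporaryDirectory() as root:
        data_dir = os.path.join(root, "grocy", "data")
        os.makedirs(data_dir)
        with open(os.path.join(data_dir, "grocy.db"), "wb") as fh:
            # Constructed stand-in: SQLite header plus padding, not a real DB.
            fh.write(SQLITE_MAGIC + b"\x00" * 84)
        handler = partial(NoListingHandler, directory=root)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_port}/grocy/data/"
        try:
            # The listing is refused, but the explicit path is still served.
            return {"listing": probe(base), "db_file": probe(base + "grocy.db")}
        finally:
            server.shutdown()
            server.server_close()

if __name__ == "__main__":
    print(demo())
```

Once a deny rule for the data folder is in place on your own installation, probe() against its data/grocy.db URL should return a non-200 status.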