What do you think about this suggestion?

Events happening in the community are now at Drupal community events on www.drupal.org.
jfmoore's picture

In researching how to solve my problems in getting a true domain set up on my Drupal multisite installation, and "parked" vs "addon" domains, I came across this, and I was wondering what the group thinks about it, as far as how to set up the directory structure and its stated advantages:

"A more secure Drupal [multisite] install"
http://justinhileman.info/article/a-more-secure-drupal-multisite-install/

Comments

This looks like a really

davidhernandez's picture

This looks like a really complicated way of doing it that will create a lot of administrative overhead. A lot of symbolic links and modified php file, just to keep it running. It looks to me like he is doing it this way just so he can install something (a Word Press blog) inside of his Drupal directory.

Yeah, I used to do something

btopro's picture

Yeah, I used to do something like that so we could have D5, D6 and other alternate packages of Drupal run from the same directory tree.

drupal6
public_drupal6
drupal5

would then all use symlinks in the rest of the system's structure:

so /courses/ doesn't exist it just points to drupal6
/elearning/ -- public_drupal6
/courses/course1 -- drupal6
/courses/anothercourse -- drupal5

This way you keep the UX consistent for our users and yet run drupal on multiple versions within "the same directory structure". Well it's not the same, it's all virtual :)

It's certainly a complicated way of doing it. It you want something like what your talking about I suggest looking at Aegir or writing something custom to run scripts to do the symlinks and multisite rewriting stuff for you (that's how we handle the old stuff).

That's definitely a

patrickavella's picture

That's definitely a convoluted nightmare. site1.com/some.jpg is publicly accessible through the internet to begin with, and the author skips over the explanation that the URL is actually very unique, e.g. mysite1.com/sites/mysite1.com/files/some.jpg

There's also nothing stopping you from installing a wordpress blog in sites/mysite1.com/files/wp-install/ or even in a less savory location like mysite.com/wp-install/

In terms of security, the panic of settings.php is a bit of a stretch. Between htaccess and unix permissions no one can actually read settings.php unless they already have user access to the server directory, at which point it's not drupal's fault it's the administrator's.

He has a point about robots.txt et al, but for the majority of installations this is a non issue, and I'm positive there are workarounds.

After thought: if it's really that crucial that a website not be on a multisite install you can always have a second drupal core. If you still wanted to play the sym link game I can't think of any reasons why you can't just sym link the sites/all directory so that module updates are still tidy via drush. I'd actually be curious to hear about the Author's original situation that lead him to his solution. He may have had a legitimate reason for doing what he did. I just don't see the method being very useful from an outside perspective.

Robots.txt

greggmarshall's picture

Of course there's a module for that!

http://drupal.org/project/robotstxt

Yeah, all of that symlinking

jfmoore's picture

Yeah, all of that symlinking makes me nervous. Too many opportunities to make an error. I'm sticking with the normal way.

Multisite

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: