Although some judgments and restrictions will be added to these procedures. But in addition to library files, there are also temporary files, template files, etc. These files should not be accessed directly through the web. Whether in terms of security or code management, store inaccessible files in the web directory.
Why is there such a problem? Back in the old days, most websites were still placed on virtual hosts, and the root directory of ftp was directly the root directory of the web. In order to adapt to this situation. Codes like phpbb, vb, discuz, and ofstar can only store library files directly in the same level directory.
But is it still necessary now? Today's server prices are much cheaper than before. Basically, a webmaster is a server, almost a vps. In addition, even a virtual host will not have the same ftp root directory and web root directory. Generally, ftp is one level higher than web. So we no longer need to put all programs in the web directory, but put the files that need to be used on the web in the web directory.
The above has introduced that there should be no redundant program security considerations in the web directory, including aspects of the program. I hope it will be helpful to friends who are interested in PHP tutorials.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
