-1

I had a backend in Laravel and a frontend in React. Now a guy has converted my frontend to Next.js.

My question: I see he has put my frontend in the public folder and the backend in the public folder too. Before he converted it, I had a folder named website app outside the public folder.

But is it secure to have both backend and frontend in the public folder? Can someone download the whole website files when I have everything in the public folder?

It sounds a little weird to me.

Hedayatullah Sarwary
MRVirrelli
  • You've tagged this Laravel so I'm assuming you mean there are your .php source files under /public, which is a red flag something is going wrong here. – apokryfos May 18 '21 at 05:59
  • Yes, everything is in the public_html folder. It looks so weird that he put everything there – MRVirrelli May 18 '21 at 06:04
  • No, that's wrong. It is also a security concern because unless the webserver is very carefully configured you will end up exposing certain source files to the world – apokryfos May 18 '21 at 06:08
  • ohh sounds not great – MRVirrelli May 18 '21 at 06:59
  • @michelezsoltzsolten if you think the answer below is right please mark it as the solution, if not, add your own answer to this matter :) – Gonzalo F S May 24 '21 at 10:45

1 Answer

1

You are right, the whole project shouldn't be in the public folder. As its name says, it is for things that should have public access, and the other non-public files should be in folders above the public folder. This is a good practice, but keep in mind that there is no best place to store your files safely. The safety of your sensitive files is only a result of a combination of good security measures adopted in the server.

If your project is made with Laravel you should already have a public folder inside it, THAT is what should be inside the public folder on the server. Laravel treats the public folder as the content that is already compiled and "ready to show it" to the browser. Your views, css and js files are in the folder resources, and if you check your public folder it will have a css folder, a js folder and index.php. This is because Laravel allows the user to use Blade and Sass for example, and these things need to be processed and converted into the files you see in the public folder so the browser can understand them.

So you should use the public folder that Laravel gives you and not post the whole project in the public folder.

Gonzalo F S
  • OK, thank you. Is it OK to have Next.js (frontend) in the public folder and the Laravel backend outside the public folder? He has the backend and frontend separate right now. – MRVirrelli May 18 '21 at 10:53
  • @michelezsoltzsolten yeah, I think that would be alright. Is it like frontend + API? – Gonzalo F S May 18 '21 at 16:26
  • He has this now: https://ibb.co/X5dB3Ph I don't know if he knows what he's doing, I just want to be sure my website is secure. When I ask him why he put everything in public he just says "why not?" – MRVirrelli May 18 '21 at 20:00
  • He has 2 accounts on the server: https://ibb.co/tB2NQNM One with the backend and one with the frontend (Next.js). Now he just has the frontend source files in public. I don't know if they should be there. Looks weird. – MRVirrelli May 18 '21 at 20:09
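
One way to check a deployment for the problem discussed in this thread, as an added example that is not from the question, the answer or any of the commenters: a shell function that reports Laravel or Next.js project files sitting inside a web server's document root. The marker list is an assumption based on the standard layout of those projects, and the function names `report_markers` and `audit_docroot` are made up for this example.

```shell
#!/bin/sh
# Added example: audit a document root (e.g. public_html) for project files
# that belong outside it. MARKERS is an assumed list built from the default
# Laravel and Next.js project layouts; adjust it to the real project.
MARKERS=".env .env.local .git artisan composer.json composer.lock vendor storage routes bootstrap package.json package-lock.json next.config.js node_modules"

# report_markers DIR: print each marker found directly inside DIR.
# Exit status 0 if at least one marker was found, 1 otherwise.
report_markers() {
    hit=1
    for name in $MARKERS; do
        if [ -e "$1/$name" ]; then
            echo "exposed: $1/$name"
            hit=0
        fi
    done
    return "$hit"
}

# audit_docroot DIR: check DIR and its immediate subdirectories.
# Exit status 0 = clean, 1 = project files found, 2 = DIR is not a directory.
audit_docroot() {
    docroot=${1:-.}
    [ "$docroot" = / ] || docroot=${docroot%/}
    [ -d "$docroot" ] || { echo "not a directory: $docroot" >&2; return 2; }
    rc=0
    if report_markers "$docroot"; then rc=1; fi
    # One level down catches a whole project copied into a subfolder.
    for sub in "$docroot"/*/; do
        sub=${sub%/}
        [ -d "$sub" ] || continue
        # A marker directory (vendor, node_modules, ...) was already reported
        # above; scanning inside it would only add noise.
        case " $MARKERS " in *" ${sub##*/} "*) continue ;; esac
        if report_markers "$sub"; then rc=1; fi
    done
    return "$rc"
}

# Run against a path when one is given on the command line.
if [ "$#" -gt 0 ]; then audit_docroot "$1"; fi
```

A docroot that holds only the contents of Laravel's own public folder (index.php, css, js) comes back clean; anything reported should be moved above the document root rather than hidden with server rules alone.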