Encourage good security practices so that public files are public and private files are private.
If you are familiar with Laravel’s directory structure, then you know that the public folder is where the index.php file lives.
Other PHP frameworks and apps may take a different approach and add the index.php file directly to the root directory. As long as you direct the server to the “public” directory that contains the index.php file, then the site should render as expected.
However, is that really what you want to do?
Probably not! You want to be careful with what you expose and make accessible to any passer-by of your website. For example, if the server’s document root is set to the project root, then users can access other files you may not want them to access, such as composer.json.
This is why Laravel’s directory structure places index.php into the public folder with other “safe to see” resources such as css, js, images, etc. It’s to encourage good security practices so that public files are public and private files are private.
But, what about Laravel-based apps that add index.php to root?
Surprisingly, there are many popular Laravel-based web apps that do not follow this structure and expose the index.php in the root directory. I’d suggest making the necessary updates to encourage good security.
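
As an added example (not code from this article or from Laravel), the following shell check flags project files that sit directly inside the directory the web server serves. The lists of private files and directories are assumptions based on a standard Laravel layout, and the sample project is constructed for the demo.

```shell
#!/bin/sh
# Added example: flag private project entries inside a web document root.
# The names below are an assumption based on a standard Laravel layout.
PRIVATE_FILES="composer.json composer.lock artisan .env"
PRIVATE_DIRS="app config database storage vendor"

# audit_docroot DIR: print each private entry found directly inside DIR.
# Returns 0 when nothing is exposed, 1 when something is, 2 on bad input.
audit_docroot() {
    docroot=$1
    [ -d "$docroot" ] || { echo "not a directory: $docroot" >&2; return 2; }
    found=0
    for f in $PRIVATE_FILES; do
        if [ -f "$docroot/$f" ]; then
            echo "exposed file: $f"
            found=1
        fi
    done
    for d in $PRIVATE_DIRS; do
        if [ -d "$docroot/$d" ]; then
            echo "exposed dir: $d/"
            found=1
        fi
    done
    return "$found"
}

# make_sample: build a constructed, minimal project tree and print its path.
make_sample() {
    base=$(mktemp -d)
    mkdir -p "$base/public/css" "$base/app" "$base/vendor"
    echo '{}' > "$base/composer.json"
    echo '<?php' > "$base/public/index.php"
    echo "$base"
}

# Demo: the same project served from its root, then from public/.
sample=$(make_sample)
echo "document root = project root:"
audit_docroot "$sample" || true
echo "document root = public/:"
audit_docroot "$sample/public" && echo "nothing private exposed"
rm -rf "$sample"
```

The check inspects the filesystem only, so any server-level deny rules are not taken into account.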