I've set up MT with the MySQL support.  I've not installed MT within CGI-BIN but have instead created its own directory (called lettres).  

mydomain/lettres

It's where the index.html resides.

Within my lettres directory is, among other subdirectories, Archives.

mydomain/lettres/archives

This is a 777 permissions directory.

All of my blogs and an archive file reside in this directory.  Having only just started with MT, I have only a few files in this directory:

000001.html
000002.html
000003.html
000004.html
2002_07.html

Question: Can this directory be set up outside of my web space (i.e., a directory off /home)?

The blog config form seems to want a URL to, at least, the archives directory so that gives me to believe it has to be within my webspace.  Similarly, I don't see where I can tell it to place the blog entries but I'm still reading the docs on this.  At the moment everything is going into the mydomain/lettres/archives directory.

I am curious about this since it's a 777 permissions directory.  I would think it safer to put the blog entries and archives in a directory outside my webspace.  Is that possible?

TIA,
Bob

2 things it seems:

1) it would be a bit silly to place the archived files you mention outside your web directory, because then nobody could view them.

2) if your host allows it (as it appears from your message) it is a good idea to place your database files outside of the web directory.

To do that, you must edit the mt.cfg file in your MT directory. there is some good information about that in the installation manual of MT.

On the 777 permission, this is what I learned from my own webmaster: 777 permission does not make it any easier for anyone from the outside to gain (illegal) access to your files, but in theory it might make it easier for other users of the webserver to access your files. In theory, because in practice the Apache WWW process needs to run with root permission, so whether you set your permissions to 755 or 777 is a moot point, because since the www process runs as root, it would be trivial for a knowledgeble user of your webserver to change your permissions from 755 to 777 anyway.

HTH

Thanks for the info.  Well, all of my message-type programs place the message texts outside the webspace.  Discussion board, Classified Ads, Resource Portal, Interactive Calendar and so on.  For instance, the Discussion board posts and respective archives all reside in a directory outside the webspace.  Is your website's homepage permissions set for world writeable?  I hope not.  Too easy for someone to change, say, "Hello, Welcome to My Site" to "Hey, Get Lost A-Hole" :-)  Could be just as easy to change your blogs.

But from what I see, MT is creating separate, static web pages for each entry rather than pulling the info from a data directory and creating the page dynamically.  I think that's why it doesn't set up to place the blogs outside of the webspace.  Since, say, 000003.html is indeed a complete web page that's called, it needs to be inside the webspace.  Better would be, say, 000003.dat that is stored in a directory outside the webspace and is called to create a dynamic web page when asked for.



Agreed.  That's what I did when testing the Berkeley_db setup but I'm using MySQL so setting up database directories isn't needed.



Well, 777 gives world write (and execute) permissions.  An invitation to be hacked.  

Of course, it requires know-how to hack a site regardless of permissions.  But why make it easier?  I mean, instead of 13 year-olds being able to hack a site, I at least try to require advanced know-how; 15 year-olds.

Bob