Location of CSV file and HTML Templates

[stealyourface]

First of all, thank you to the author of FormMail for this fantastic software! Soon enough I will be a customer of the paid features when it is called for.

My question(s):
Currently I have my formdata.csv located in
/var/www/formdata/formdata.csv

Is www the same thing as public_html? Should I bring the location of this file up to /var/formdata.csv for added security? And at that point, would it really matter what the permissions were?

My server has directories /var/www/public_html so i thought /var/www would be inaccessible from a browser, but maybe it is not.

The same question applies to my HTML template. It is located in
/var/www/formdata/plates/preregistrationPlate.html

Why do we need to hide the template? What security issues are presented if the template is not above public_html?

Many many thanks,
Gabe

[crabtree]

My question(s):
Currently I have my formdata.csv located in
/var/www/formdata/formdata.csv

Is www the same thing as public_html?

usually it is....but it depends on ur server.

Should I bring the location of this file up to /var/formdata.csv for added security? And at that point, would it really matter what the permissions were?

yep, u usually want ur CSV files protected from web access.

the permissions need to be rw-rw-rw- so the user that runs the web server software (apache) can write to the file - coz that's what the user is who runs ur formmail.php

My server has directories /var/www/public_html so i thought /var/www would be inaccessible from a browser, but maybe it is not.

probly the same

The same question applies to my HTML template. It is located in
/var/www/formdata/plates/preregistrationPlate.html

Why do we need to hide the template? What security issues are presented if the template is not above public_html?

i can't think of any reason u need to protect ur templates.