above root? im confused!

I remember about a year ago there was a post about someone being hacked and few people got me all confused the about the term "above root" when talking about a database.

Just about everyone uses the term "above root" to keep it out of the HTTP view, but i call it BELOW the root.

This is how i look at it.

When in Windows Explorer i would work my way to C:\inetpub\wwwroot\websites, now if i went to C:\inetpub\_private i would be clicking the back bottom, and i call that going below the root, not above the root.

Another way to look at it:

C:\Inetpub\_private is the secured directory
C:\Inetpub\wwwroot is the website directory

When viewing it listed that way, it is above, but when coding it i would consider it below the root since im not righting the path to something like C:\Inetpub\wwwroot\_private.

Also when using "../" in paths, i consider it going BELOW the directory, not going ABOVE the directory. Maybe i just see things different, but i just dont see how you can say putting a database *above* the root is secure, when i think putting it *below* the directory is secure.


Ive been thinking about this for almost a year now and it drives me crazy just about every day. What the hell is not clicking in my head to not agree with the term "above root" when i think its "below root"?????

I agree, you are drilling "down" into a directory structure so you would drill up or out to the above folder. It really depends how you look at it and don't think it will ever become a felony to use it the other way around but hey. What troubles me is that you have been thinking about this for year...what a waste of time     

I think "root" is a misnomer. Most hosting accounts have an account/ftp root that can have multiple web roots under it - one for each domain or subdomain.

People commonly refer to a web root as "root" but it's just a subdirectory of their account/ftp root. When they refer to "above root", their talking about going up into the account/ftp root.