Hey Typo3 community,
I would like to ask whether you use the PHP setting “open_basedir” in your project as an additional security net? And if not, is it because you evaluate the security benefit as marginal?
Which base directory would you even set for a composer-based installation? I’ve included my sitepackage as a local repository in …/packages, and because it’s outside of …/public I personally wouldn’t even be able to set the webroot directory as the base directory.
Would love to hear some opinions from other Typo3 system administrators.