You are right. The application does not belong in the public folder. My goal is to make installation as easy as possible. Just copy the code and start to blog. Another reason is that you can't easily run the application in a subdirectory, for example /blog/, if you put the application code behind the public folder.
Composer is a good idea, but with the first version we wanted to deliver one single package for the end users. We would use Composer for the next releases.
If you absolutely cannot separate out the public portion of the application from the core -- which should be possible because even the worst shared hosts allow for folders above public_html -- then you'll need to use a PHP solution for protecting the files. For example, if you define a constant in index.php and then check for that constant in included files, you can prevent access, e.g.:
defined('BASEPATH') OR exit('No direct script access allowed');
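An added example, not part of the thread and not Ospari's code: a Python audit that lists PHP files whose first statement is not the `BASEPATH` guard quoted above, which is how a forgotten guard gets caught before release. The sample tree, its file names and the helper names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

LEADING_NOISE = re.compile(  # whitespace, comments and declare() before the guard
    r"\A(?:\s+|//[^\n]*|#[^\n]*|/\*.*?\*/|declare\s*\([^)]*\)\s*;)+", re.S)

def guard_pattern(constant="BASEPATH"):
    """Regex for `defined('X') OR exit(...)` and `if (!defined('X'))`."""
    name = r"""defined\s*\(\s*['"]""" + re.escape(constant) + r"""['"]\s*\)"""
    return re.compile(
        r"(?:" + name + r"\s*(?:or|\|\|)\s*(?:exit|die)\b"
        r"|if\s*\(\s*!\s*" + name + r"\s*\))", re.IGNORECASE)

def first_statement(source):
    """Code after `<?php` and leading comments; None if the file opens with raw output."""
    opener = re.match(r"\A\s*<\?php\b", source)
    return LEADING_NOISE.sub("", source[opener.end():], count=1) if opener else None

def unguarded_files(root, entry_points=("index.php",), constant="BASEPATH"):
    """List PHP files under root whose first statement is not the guard."""
    guard, root, missing = guard_pattern(constant), Path(root), []
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        if rel in entry_points:
            continue  # the entry point defines the constant instead of checking it
        stmt = first_statement(path.read_text(encoding="utf-8", errors="replace"))
        if stmt is None or not guard.match(stmt):
            missing.append(rel)
    return missing

def build_sample_tree(root):
    """Write a small constructed tree (not Ospari's real files)."""
    guard = "defined('BASEPATH') OR exit('No direct script access allowed');\n"
    files = {
        "index.php": "<?php\ndefine('BASEPATH', __DIR__);\nrequire 'core/Router.php';\n",
        "core/Router.php": "<?php\n" + guard + "class Router {}\n",
        "core/install.php": "<?php\n/* setup */\nif (!defined('BASEPATH')) { exit; }\n",
        "core/config.php": "<?php\n// settings\nreturn ['db' => 'blog'];\n",
        "core/late.php": "<?php\necho 'hi';\n" + guard,  # guard placed after output
    }
    for rel, text in files.items():
        (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
        (Path(root) / rel).write_text(text, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(unguarded_files(tmp))
```

The check is textual, so it confirms the guard is present as the first statement but does not prove the file is harmless when the guard is absent.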
You are right again. But I will complicate the installation.
The PHP files are secure, they are classes or arrays.
If you execute them nothing happens. We have an .htaccess file in the core application's folder. The .htaccess file rejects all requests.
We would provide security tips also for nginx users.
Just to repeat: all files except index.php are classes or arrays, and they don't execute any code.
Here is a quick screenshot: http://awesomescreenshot.com/04e2brbo81
We have a basic and clean admin interface. Ospari uses Markdown. You have a live preview as you type and everything is auto-saved.
I explained it in my last post. It is the ease of getting started. You can just copy Ospari on your server and start to blog. Installing Ghost is not easy.
Second, it is also about alternatives. Why did Y Combinator start HN, although Reddit existed?
Ghost and WordPress offer hosted blogs as well as source code. It's no longer necessary to worry about servers or FTP details just to get up and running. Creating a blog is now as easy as filling out a form on a website and clicking submit.
Your only other USP appears to be the ability to parse themes designed for a different engine. Is this going to be enough to distinguish Ospari from your competitors? Is it feasible for someone to write a WordPress plugin that achieves the same thing?
Ghost is great. WordPress is not.
Yes, currently our USP is parsing Ghost themes. Ospari is faster than WordPress and I would say even more secure than WordPress. Not to mention the code quality ;-) and we have just released the first version.