Can I move writable directories outside HTML tree?

[fbas]

My admins don't like having directories in the HTML tree that are writable by the web server.

 

Clearly several directories need to be writable by the system in order to upload attachments, upload images, update the cache and smarty cache, etc. However, it's a security issue having these writable directories in the HTML directory tree - imagine if someone were able to coax your server into writing an executable file or php file to your writable directories, then do arbitrary things to your server.

 

I was hoping that changing the constants in prestashop/config/defines.inc.php would allow me to move my img directory outside the HTML tree, but in my testing that did not work. It seems these directories must be somewhere in the HTML tree.

 

Is there a way to do this for the img directory? What about the smarty and cache directories?

 

thanks for any help or insight you can provide.