Cardale Posted November 7, 2009 Share Posted November 7, 2009 I wanted to make sure my configuration file was secure it contains a lot of important information. How can I make sure no one, but the server can access it. Quote Link to comment Share on other sites More sharing options...
Alex Posted November 7, 2009 Share Posted November 7, 2009 Put it outside of your document root. Quote Link to comment Share on other sites More sharing options...
Cardale Posted November 7, 2009 Author Share Posted November 7, 2009 What if this isn't an option? Is there any other ways? Quote Link to comment Share on other sites More sharing options...
Alex Posted November 7, 2009 Share Posted November 7, 2009 I guess it depends what type of file it is. Putting key files outside of your document root is usually the best idea, but there are other ways. For example, if you're using a .ini file you could rename it with a .php extension, and do something like this: ; <?php exit; ?> ... Because in .ini files lines starting with ';' are comments when you load that configuration file that won't be included, but if you try to run it from your web browser the php will be executed and it'll stop the script from executing. Quote Link to comment Share on other sites More sharing options...
Cardale Posted November 7, 2009 Author Share Posted November 7, 2009 Ahh, I see that would be helpful. This works with a parse_ini_file command? Would these methods eliminate access then? Quote Link to comment Share on other sites More sharing options...
Alex Posted November 7, 2009 Share Posted November 7, 2009 Yes, that's correct. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.