Jump to content


Photo

config.php in folder or not?


  • Please log in to reply
3 replies to this topic

#1 russia5

russia5
  • Members
  • PipPipPip
  • Advanced Member
  • 94 posts

Posted 25 August 2006 - 05:13 PM

Can anyone tell me if putting the config.php file in a folder rather than in the root, effects the security of the site in some way?

#2 newb

newb
  • Members
  • PipPipPip
  • Advanced Member
  • 454 posts

Posted 25 August 2006 - 05:23 PM

not really. thats a broad question -.- kinda depends. just chmod the config file or something.

#3 HeyRay2

HeyRay2
  • Members
  • PipPipPip
  • Advanced Member
  • 223 posts

Posted 25 August 2006 - 05:38 PM

It really depends on what your config file does.

Does the file print anything to the browser?

Does the file accept any variables passed from the URL?

If you answer "no" to both of those questions, there's not really anything that can damage by accessing this file directly.

However, if you want to prevent people from loading certain files, you could check if the file was access by way of an include() or directly using some code like this at the top of each file you want to protect:

if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])){
   die("You are not allowed to access this file directly!");
}


#4 russia5

russia5
  • Members
  • PipPipPip
  • Advanced Member
  • 94 posts

Posted 25 August 2006 - 11:55 PM

Thankyou very Much!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users