#1
  1. A Change of Season
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    2,653
    Rep Power
    171

    Is there something wrong with keeping config.php in public_html folder?


    Hi;

    In general is there something wrong with keeping db_config.php in public_html folder?

    It's not a bank website, it's just a list of emails and phones.

    Thanks
  2. #2
  3. Did you steal it?
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    13,997
    Rep Power
    9397
    Short answer: yes. Don't do it.

    Long answer: kinda. There are increased risks to doing so but 99% of the time it's fine. It's just those 1% of times you have to worry about, and depending what you're hiding that 1% could be a very bad thing.
  4. #3
  5. A Change of Season
    Originally Posted by requinix:
    Short answer: yes. Don't do it.

    Long answer: kinda. There are increased risks to doing so but 99% of the time it's fine. It's just those 1% of times you have to worry about, and depending what you're hiding that 1% could be a very bad thing.

    The only thing that I have experienced was that the browser (for some reason that I don't know), instead of loading index.php, forced a download of index.php! It was on localhost, but I thought that if that happens online any visitor can download any page!

    Is that the 1% you're referring to?
  6. #4
  7. Did you steal it?
    The 1% is basically server configuration problems. Files not executed through PHP, stuff like that.

    Downloads like you've seen are typically transfer weirdness: the script was run but there was a hiccup somewhere and so Apache is trying to make you download the output (or even give you an empty download).
  8. #5
  9. Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4123
    You can, if you choose to design your app this way, place all but one PHP file outside the web root - the one left in is like the gateway to all the rest; but only one can be called.

    I tend to separate out the files into app code and view code so anything that has template parts in it goes under the web root and everything else is outside the web root.

    Should one be found and accessed directly, the worst case is that it is parsed as PHP and we see an undefined index for variable $c.
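A sketch of the single-gateway layout described in post #5, as an added example that is not code from the thread. The directory names, the route table and the shape of db_config.php (a file that returns an array) are assumptions made for illustration.

```php
<?php
// public_html/index.php: the only PHP file under the web root.
// Assumed layout (all paths and names are hypothetical):
//   /home/example/app/db_config.php       returns ['dsn' => ..., 'user' => ..., 'pass' => ...]
//   /home/example/app/pages/home.php      page scripts, not reachable by any URL
//   /home/example/public_html/index.php   this gateway
declare(strict_types=1);

define('APP_ROOT', dirname(__DIR__) . '/app');

// Fixed allow-list: the request selects a key, never a file path.
const ROUTES = [
    'home'     => 'pages/home.php',
    'contacts' => 'pages/contacts.php',
];

function fail(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    echo $message, "\n";
    exit;
}

$page = $_GET['page'] ?? 'home';
if (!is_string($page) || !array_key_exists($page, ROUTES)) {
    fail(404, 'Not found');
}

$configFile = APP_ROOT . '/db_config.php';
$script     = APP_ROOT . '/' . ROUTES[$page];
if (!is_file($configFile) || !is_file($script)) {
    error_log("gateway: missing $configFile or $script");
    fail(500, 'Server error');
}

// Credentials are read from outside the web root; details of a failure go to the log only.
$config = require $configFile;
try {
    $db = new PDO($config['dsn'], $config['user'], $config['pass'], [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
} catch (PDOException $e) {
    error_log('gateway: database connection failed: ' . $e->getMessage());
    fail(500, 'Server error');
}

require $script; // the page script can use $db and $config
```

If the server ever sends this file as plain text instead of running it, the visitor sees a path and a route list but no credentials, because db_config.php sits where no URL maps to it.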
