Placing the configure.php files outside the webroo

[peterr]

Hi,

 

Has anyone got any tips/techniques please, for placing the /catalog/includes/configure.php and the /admin/includes/configure.php files outside the webroot path ?

 

I think /application_top.php is the only place where these files are included, like:

 

// Include application configuration parameters
 require('includes/configure.php');

 

obviously I can use relative paths like:

 

// Include application configuration parameters
 require('../configure.php');

 

which for the catalog 'application_top.php' is still in the webroot path (because 'catalog == the webroot). To get back to the shell (bash) level, can I do this:

 

// Include application configuration parameters
 require(..../configure.php');

 

Just wondering what is possible. Essentially, I would like to be able to protect these files more, as they have the db username, password, db name, everything someone needs to connect to the database. Also, they have the login username to the account.

 

Thanks,

 

Peter

[damo2576]

I was thinking along similar lines.

 

Would be interested also to know what people think.

 

Damo

[damo2576]

actaully what about just changing the name of configure files rather than moving?

 

easy and would stop the opportunist junior hax0rs! like renaming admin dir

[peterr]

Hi,

 

actaully what about just changing the name of configure files rather than moving ?

 

Yep, good idea, but I'd rather place the files somewhere outside of the webroot path, otherwise the 'admin' user can display them (then they get sent as plain text across the internet unless you have 'admin' as SSL connection), and also an FTP user can read files under 'public_html' path (this is ually the admin person as well).

 

I guess I'll just do a small PHP script, and try these include paths as relative, and see what happens. :)

 

Thanks,

 

Peter