forum.coppermine-gallery.net
Support => cpg1.4.x Support => Older/other versions => cpg1.4 permissions => Topic started by: Eric Chadwick on January 27, 2008, 07:43:05 pm
-
Is it possible (or even adisable) to move the sql username and password out of the config.inc.php and into a more secure folder on the server? I wonder if it could be a security risk, since the PHP is in fact plain text, unencrypted?
I just moved to BlueHost, where I was pointed to this article about PHP security:
http://helpdesk.bluehost.com/kb/index.php?x=&mod_id=2&id=319
Thanks!
-
Forgot to mention, I found this post in a search...
http://forum.coppermine-gallery.net/index.php?topic=362.msg1864#msg1864
It is more than four years old, so perhaps this potential security hole has been addressed since then?
-
You can move the file outside the webroot if you want. Just remember to update include/init.inc.php with the new path. Having the file there is standard for web scripts like Coppermine, the risk is small.
-
OK, thanks!
-
Asking because I am new to Coppermine, how would the changes would look like if the paths would be the following:
http://www.mydomain.com/gallery (URL)
/home/mydomainID/public_html/gallery
If I would move the config out to even before /public_html, what would I have to change in the init.inc.php ?
I would appreciate any help. ;)
Thank you.
Wolfseye
-
// Include config and functions files
if(file_exists('include/config.inc.php')){
ob_start();
require_once 'include/config.inc.php';
ob_clean();
} else {
Change path there (2 times). Preferably using something like ../../include/config.inc.php to be more portable.