I've seen other posts regarding this topic but wanted another opinion for my particular situation.

Background:
I have one class file that contains database connection info (as well as the entire application's configurations). I want to ensure this file is not accessible to the public. I am currently using Subversion to push my changes to my development server, then a script runs to deploy the new files to the web server.

I do not have access at the file level ( I can't get to the server's directories or files as this is all done through subversion). I do not have access to php.ini but can have someone change it with every push I make (not very efficient!) - our servers are in our parent company (a very long way away).

How do I/Questions:
1. Hide the sensitive file to protect my sensitive data
2. Make these files accessible to my application
3. Is it possible to keep this file under my app's directory (I ask because then I can keep this file in my subversion repository without changing anything in my push process).

A future release will probably store this configuration info in a database and I'll create an interface for it but right now I'm rolling to production this Wednesday. Plus I currently like keeping the number of database queries on the low side).

Anyone have suggestions?

Thanks in advance for your help.

    I was thinking of using $_SERVER['DOCUMENT_ROOT'] and dumping the file in the www directory - this would work locally but I'm not sure about my server. The server's DOCUMENT_ROOT points to /var/www/www.thesitename.com. If the files are dumped in the WWW directory, wouldn't they still be accessible to unscrupulous users?

    Also, this server will be hosting several of my company's sites.

    Thanks again.

      If the files are dumped in the WWW directory, wouldn't they still be accessible to unscrupulous users?

      It depends, but generally, no. Placing such configuration files outside of the document root is the way to go.

        Thanks, laserlight!

        So in the example I gave you above for my server's document root ( /var/www/www.thesitename.com), outside the document root would be in /www or above /var?

        If this is the best option, my mid-tier team just needs to modify their scripts to add this one file to the repository and deployment script.

        Thanks again.

          So in the example I gave you above for my server's document root ( /var/www/www.thesitename.com), outside the document root would be in /www or above /var?

          /var/www/ should be correct, according to what you gave of your web server configuration.

            Write a Reply...