#6 admin folder require statements (0.65b1)

closed-later
nobody
None
5
2002-02-01
2001-09-25
Luis M
No

just a suggestion:

Inside the folder 'admin' where all *admin.php3 files
reside, all files have the statement:
require("../config.php3");

usually I don't like to keep the config.php3 file in
the root level of the website (for whatever reason,
especially security). I usually put that file inside
the phplib folder, from which all my includes usually
come from, so my path looks something like:
--- .htaccess file ---
php_value include_path ".:/path/to/phplib"

since this file (htaccess) is needed for the
prepend.php3 file to be called, then people should be,
in my opinion, encourage to put the config.php3 file
within their php include_path, and the "admin" folder
files should all call for:
require("config.php3")

this will enhance security.

Discussion

  • nathan hruby
    nathan hruby
    2001-11-23

    • labels: 103596 -->
    • milestone: 102080 -->
    • status: open --> open-later
     
  • nathan hruby
    nathan hruby
    2001-11-23

    Logged In: YES
    user_id=19736

    Not a bad idea but will most likely cause a confilt with
    others apps, as pretty much everything has a config.php3 :)

    Will try to think up soomehtiing better. Will probably be
    something for 0.7, pending on what happens with the phplib
    include methodology. For now it's not a completly evil
    thing to have config.php3 in your DocRoot so long as
    everything isn't mode 644 (unless you're the only user on
    the box :)

    Refiling as a Feature Request and Making it for Later.

     
  • Joe Stewart
    Joe Stewart
    2002-02-01

    • status: open-later --> closed-later
     
  • Joe Stewart
    Joe Stewart
    2002-02-01

    Logged In: YES
    user_id=77269

    The current cvs ( 01/31/2002) allows for the config file to
    be in the include_path, outside the web root, and a
    different admin config file.