开发者

Location of .ini for web applications

问答 作者:

I have a php applicaiton and i'm planning to keep critical settings in a .ini file. However, i think that file can be accessed from over the web, so where is a "standard pl开发者_如何学Goace" for it to be placed?

You can store it above the document/web root or specifically block access to it. For example, a common structure for PHP applications is:

application/
public/

Where public is the web root - so I usually store application configuration in application/config where I know it can't be accessed.

An alternative would be to block it using Apache:

<!-- Block access to all .ini files -->
<Files ~ "\.ini">
    Order deny,allow
    Deny from all
</Files>

The "standard place" is anywhere not affected by the directory root of the apache. For example you can place it under /home/someuser/, or somewhere else.

Place the .ini file outside the web root or protect it with .htaccess if you really want to keep it under the web root.

It can be accessed if you place your INI file in your webroot/docroot.

Making sure the file is not accessible via the docroot is the first step.

I would use a database to be honest.

However, if you really want to use a flat file (e.g. .ini), you can place it in a directory, and use .htaccess to stop people from accessing it via their browser. That way, you can still access the file via php file functions.

To do this, make a file called .htaccess in the folder you want to protect (e.g. ini/)

Then, in this file put:

deny from all

The folder is now not accessible by going to the url in the browser.

Place the configuration in a directory that isn't readable by the webserver, yet is readable for the application. Generally, you have a specific directory that's readable by the webserver, such as "web", "www", "public" or "public_html". Make sure you put it in the directory below that one.

That way, your application can read the file:

$cfg = parse_ini_file( 
    realpath( dirname( __FILE__ ) . '/../' ) . '/config.php' 
);

Your webserver doesn't know how to reach it though, so it's secure.

a good example is Zend FW or any other php frameworks. directory structue is:

application/config/config.ini
library/Zend/
public/index.php

where public is accesible from web

继续阅读:iniphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9