How to securely to deploy PHP project with a dbconnect/config file?
Im using Capistrano to deploy my PHP project which is going great (other than the fact that its uploading to current/ and i want to go to / but ill figure that out later), but i need some advice as to where i can securely put my config.php file (contains all the mysql connect info) so that it wont be subject to hackers.
Any know an开发者_开发百科y good methods or links?
Every file will be subjected to hackers if they hack the system... The file location isn't critical, but you can put it above public_html
in order to prevent clients accessing it directly. Ironically, even if you put it there - the details can leak to the client due to bad PHP configuration (if having inappropriate error level)
Do you use an .htaccess file? Assuming you're using apache, you can also chown the file to your apache user and chmod it to 600.
I ended up just putting in a directory and added an include .conf file to apache configuration that block access to that directory.
精彩评论