should i move the config file from codeigniter directory
I've just published my site, created with codeigniter.
the entire directory is in my public folder, including the config file (in public/system/application/config).
I just wante开发者_如何学Cd to double check: do I have to move this file to another, non public, directory? I think codeigniter doesn't allow any direct access, but I am not 100% sure..
thanks, P.
Ideally you should move both the system folder and the application folder out of the web root. You can modify the path's in the index.php, so all that is available in web root is your index.php, JS, CSS, etc.
That is not always possible, so as long as you are blocking requests to sensitive files with if(defined()) and .htaccess you will be fine.
It shouldn't be necessary to move these to a non public directory. If you try to access them via the web, you get the message: "No direct script access allowed".
In other words, you can't access the config contents via the web!
If you give the correct permitions to your directory you should not have any problem with the standart location of the file.
Regards,
Pedro
精彩评论