tags:

views:

113

answers:

3
+1  Q: 

should i move the config file from codeigniter directory

I've just published my site, created with codeigniter.

the entire directory is in my public folder, including the config file (in public/system/application/config).

I just wanted to double check: do I have to move this file to another, non public, directory? I think codeigniter doesn't allow any direct access, but I am not 100% sure..

thanks, P.

A: 

It shouldn't be necessary to move these to a non public directory. If you try to access them via the web, you get the message: "No direct script access allowed".

In other words, you can't access the config contents via the web!

Phill Sacre  2010-05-11 11:18:43
A: 

Hi,

If you give the correct permitions to your directory you should not have any problem with the standart location of the file.

Regards,
Pedro

Pedro  2010-05-11 11:22:43
+5  A: 

Ideally you should move both the system folder and the application folder out of the web root. You can modify the path's in the index.php, so all that is available in web root is your index.php, JS, CSS, etc.

That is not always possible, so as long as you are blocking requests to sensitive files with if(defined()) and .htaccess you will be fine.

Phil Sturgeon  2010-05-11 11:45:25
Yes, this is exactly right. Check for if ( ! defined('BASEPATH')) exit('No direct script access allowed'); at the top of all of your config files - if it's there, you're safe. Then someday when you have time to fiddle around, move the CI application folder out of your public web folder and into the web root.
Summer  2010-05-12 14:06:44

related questions

What are possible causes for a large number of sleeping connections to a MySQL Server?
Link to unless current -- possible in CI?
In CodeIgniter, how can I have PHP error messages emailed to me?
Image Manipulation in CodeIgniter
CakePHP or CodeIgniter Longterm Upgrade / Maintainability?
Simple Search: passing form variable to URI?
How to use CodeIgniter/MVC views inside jQuery ajax tabs?
Is there a way to pass arguments to a query in CodeIgniter *without* using ActiveRecord?
How to output data from tables with same column names in CodeIgniter?
Explain this mod_rewrite rule
code igniter / cakephp and ms access
Where should assets go in a code igniter project?
PHP - CodeIgniter - Usage
Best practices: What's the best way for constructing headers and footers? Call it all from the controller, or include from the view file?
How can I just get the "Year" portion from the output of timespan() in CodeIgniter?
Lightest possible PHP MVC
Subfolders in CodeIgniter
Set up Apache for local development/testing?
Which PHP framework is closest to Ruby on Rails? CakePHP? CodeIgniter?
Table Sorting using CodeIgniter
Role Based Access Control
PHP: Object oriented vs. MVC (CodeIgniter)
Can you access a model from inside another model in CodeIgniter?
Smarty integration into the Code Igniter framework.
Code igniter (PHP framework)