I am using the Zend Framework for construction of my site, which uses the application.ini file to store database info (such as username and password). I discovered that typing /application/configs/application.ini in the web browser plainly shows all the contents of the applications.ini file.
How can I prevent this? I tried setting the chmod public access to nothing, but then the website couldn't function anymore because of access rights. Anyone familiar with this?
views:
51answers:
2
+3
A:
Your document root setting in your web server configuration should point to the subdirectory that has your index.php in it, not the top-level directory of the whole application install.
E.g., you have something like:
myapp/application/Bootstrap.php
myapp/application/configs/application.ini
myapp/application/controllers/...
myapp/application/views/...
myapp/library/...
myapp/tests/...
myapp/public/index.php
Set your document_root to myapp/public and not myapp.
Alex Howansky
2010-10-18 13:46:37
Does that have any effect on how urls work in my code? e.g. includes, fopens, etc?
RemiX
2010-10-19 15:55:01
For internal references (like in fopen()) there should be no change. For external references (like a URL), you'll no longer use http://mydomain.com/myapp/public/index.php -- you'll use http://mydomain.com/index.php
Alex Howansky
2010-10-19 18:27:26
A:
If you don't have access to change your document root and you are using the Apache web server, the "quick and dirty" approach might be to create a ".htaccess" file with the following contents, created in:
/application/configs
Contents:
deny from all
berty
2010-10-21 16:57:58