- edited description
How to protect config file on public website?
I am total newbie with git and bitbucket.
What is good way to protect files (config) in a location which is accessible from the internet? Is there possible to put config file to another location?
In config file there is account details, username and password for bitbucket.
Comments (2)
-
reporter -
repo owner - changed status to resolved
The config.php file will be handled by the PHP interpreter if directly accessed in the browser, yielding no output whatsoever (since it contains only variable declarations). It is therefore safe to keep it in its default location.
You could move it out of your
public_html
orwww
folders (and make sure you correctly include it from thedeploy.php
andgateway.php
scripts), to make it unreachable from public, but that is really not necessary.Alternatively, you could set up Basic HTTP Authentication for the bitbucket-sync folder, but extra care must be taken in order to make sure BitBucket can still reach
gateway.php
script when posting commit data to your server. - Log in to comment