How to protect config file on public website?

Alexandru Lixandru repo owner

changed status to resolved

The config.php file will be handled by the PHP interpreter if directly accessed in the browser, yielding no output whatsoever (since it contains only variable declarations). It is therefore safe to keep it in its default location.

You could move it out of your public_html or www folders (and make sure you correctly include it from the deploy.php and gateway.php scripts), to make it unreachable from public, but that is really not necessary.

Alternatively, you could set up Basic HTTP Authentication for the bitbucket-sync folder, but extra care must be taken in order to make sure BitBucket can still reach gateway.php script when posting commit data to your server.

2016-02-16T10:02:23+00:00

Comments (2)

Marko Suvila reporter
- edited description
- 2015-04-01T16:10:53+00:00
Alexandru Lixandru repo owner
- changed status to resolved
The config.php file will be handled by the PHP interpreter if directly accessed in the browser, yielding no output whatsoever (since it contains only variable declarations). It is therefore safe to keep it in its default location.

You could move it out of your public_html or www folders (and make sure you correctly include it from the deploy.php and gateway.php scripts), to make it unreachable from public, but that is really not necessary.

Alternatively, you could set up Basic HTTP Authentication for the bitbucket-sync folder, but extra care must be taken in order to make sure BitBucket can still reach gateway.php script when posting commit data to your server.
- 2016-02-16T10:02:23+00:00
Log in to comment