securing the config file

Issue #354 invalid
william d wright created an issue

Hi, I want to thank you for the above-average application phpLiteAdmin! My situation is that I am running PHP with IIS and I basically put phpLiteAdmin in a restricted folder, child to my wwwroot folder. It's been a long time since I developed and I need to be reminded of the best way to harden that child folder called restricted, but it's not, ha ha; the subtleties elude me. Many thanks in advance!

Comments (2)

  1. phpLiteAdmin repo owner

    I am unsure whether I understand the problem. The config file of phpLiteAdmin is a PHP file. If you open it in the browser, and your server is configured to correctly parse PHP files, the user will not see anything. If you want to, you can put an additional password protection on the whole phpLiteAdmin folder. With the Apache webserver, you would do this with an .htaccess file. I don't know how to do it in IIS. If you manage an IIS webserver, accessible to the public, you really should know how to do these things. If you don't, Google is your friend.

    In case you are talking about the SQLite databases that you manage with phpLiteAdmin: Of course, you need to secure these as well. The best way is to move them out of the wwwroot folder. You can configure the path where phpLiteAdmin searches for them. Of course, you need to make sure that PHP has enough filesystem permissions to access these files there. Also, you might need to adjust open_basedir restrictions then. Of course, if you put a password protection on the phpLiteAdmin folder and you have your DBs in there, then you already have a basic protection of the DBs.

    Anyway, this is the job of your webserver admin. He should know how to do these things in a secure way. I don't know IIS and I can't tell you how to configure it in a secure way.
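A preflight check for the database advice in the comment above, as an added example that is not part of the thread or of phpLiteAdmin: it reports whether a chosen database directory sits inside the web root, falls outside `open_basedir`, or lacks PHP read/write permission. The function names and the sample paths (`D:/data/sqlite`, `C:/inetpub/wwwroot`) are assumptions made for illustration.

```php
<?php
// Added example, not phpLiteAdmin code. All paths below are constructed samples.

/** Normalise a path: resolve it if possible, forward slashes, no trailing slash. */
function norm(string $p): string {
    $real = realpath($p);
    $p = rtrim(str_replace('\\', '/', $real !== false ? $real : $p), '/');
    // Windows paths are case-insensitive, so compare them in lower case.
    return DIRECTORY_SEPARATOR === '\\' ? strtolower($p) : $p;
}

/** True when $child is $parent itself or lies beneath it (whole path segments). */
function is_within(string $child, string $parent): bool {
    $c = norm($child) . '/';
    $p = norm($parent) . '/';
    return strncmp($c, $p, strlen($p)) === 0;
}

/** Return a list of problems with the database directory (empty list = OK). */
function check_db_dir(string $dbDir, string $webRoot, string $openBasedir): array {
    $problems = [];
    if (is_within($dbDir, $webRoot)) {
        $problems[] = 'database directory is inside the web root';
    }
    if ($openBasedir !== '') {
        $allowed = false;
        foreach (explode(PATH_SEPARATOR, $openBasedir) as $base) {
            if ($base !== '' && is_within($dbDir, $base)) { $allowed = true; break; }
        }
        if (!$allowed) { $problems[] = 'open_basedir does not include the database directory'; }
    }
    if (!is_dir($dbDir)) {
        $problems[] = 'directory does not exist or is not visible to PHP';
    } elseif (!is_readable($dbDir) || !is_writable($dbDir)) {
        $problems[] = 'PHP lacks read/write permission on the directory';
    }
    return $problems;
}

// Constructed sample values: the directory phpLiteAdmin is configured to search.
$dbDir   = 'D:/data/sqlite';
$webRoot = !empty($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : 'C:/inetpub/wwwroot';
foreach (check_db_dir($dbDir, $webRoot, (string) ini_get('open_basedir')) ?: ['OK'] as $line) {
    echo $line, PHP_EOL;
}
```

Run it through the web server rather than the command line, so the result reflects the account and `php.ini` that the site actually uses.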
