Where to place config.ini

Hi,
I can’t find where to place my config.ini, which contains database connection credentials. It is good practice not to place it in the public web directory, which is htdocs in my case. However, when I try to place it in the root folder (where htdocs is located too), it will get deleted.

@Admin?
I am not so sure, but isn’t there any code that disables access to it from other users?

Well, they have disabled access by default, but sometimes when the webhost fails and begins serving PHP files as text files, no one will get the database credentials as they will be outside the public web folder.

@JohnyX said:
Well, they have disabled access by default, but sometimes when the webhost fails and begins serving PHP files as text files, no one will get the database credentials as they will be outside the public web folder.

I mean when they are in the htdocs folder.

The htdocs folder is the public web folder, isn’t it?

Yes?

Then leaving any files with credentials there could be dangerous IMO. Same for some PHP files.

@JohnyX said:
Then leaving any files with credentials there could be dangerous IMO. Same for some PHP files.

No, like WP_Config has credentials in it, but when we try to access it, it replies with a 520 HTTP error, so no problem if your coding is perfect!
I mean use if-then-else, a perfect conditional statement:
if credentials found then show 403 error, else show configuration file

I request the config db credentials file like
require ("configuration.php");
and the file has 600 permissions. Is that correct? And it is located in the htdocs folder.

@JohnyX said:
I request the config db credentials file like
require ("configuration.php");
and the file has 600 permissions. Is that correct? And it is located in the htdocs folder.

You have to locate it within htdocs, although you can create a subdirectory if you feel insecure, like WHMCS does: they install files in a subdirectory that no one can visit from the web.

@JohnyX

in whatever subdir you put your config.ini file (in htdocs)
you can prevent access from outside
if you put .htaccess file in that folder with this content

Deny from All

if you have mixed content in that subfolder
and you just want to prevent a certain extension
this code will prevent any access from outside for .ini files

<Files ~ "\.ini$">
Order Allow,Deny
Deny from All
</Files>
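
As an added example (not code from any poster in this thread): a small Python audit, run against a local copy of htdocs, that lists `.ini` files not covered by a deny rule in any `.htaccess` between the file and the document root. The function names and the sample tree are constructed for illustration, the `.htaccess` parsing is deliberately simplified, and it also accepts `Require all denied`, the Apache 2.4 form of the same rule.

```python
import fnmatch
import re
import tempfile
from pathlib import Path

# Simplified reader: only blanket denies and <Files>/<FilesMatch> scopes.
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I)
FILES_RE = re.compile(r'^\s*<Files(Match)?\s+(~\s+)?"?([^">]+)"?\s*>', re.I)
FILES_END_RE = re.compile(r"^\s*</Files(Match)?\s*>", re.I)

def htaccess_denies(htaccess_path, filename):
    """True if this .htaccess denies requests for `filename`."""
    applies = True  # directives outside a <Files> block cover every file
    with open(htaccess_path) as fh:
        for line in fh:
            m = FILES_RE.match(line)
            if m and (m.group(1) or m.group(2)):  # regex form
                applies = re.search(m.group(3), filename) is not None
            elif m:  # wildcard form, e.g. <Files "config.ini">
                applies = fnmatch.fnmatchcase(filename, m.group(3).strip())
            elif FILES_END_RE.match(line):
                applies = True
            elif applies and DENY_RE.match(line):
                return True
    return False

def exposed_files(docroot, suffixes=(".ini",)):
    """Files with a sensitive suffix that no .htaccess up to docroot denies."""
    docroot, exposed = Path(docroot).resolve(), []
    for path in docroot.rglob("*"):
        if path.is_file() and path.name.endswith(suffixes):
            d = path.parent
            while not ((d / ".htaccess").is_file()
                       and htaccess_denies(d / ".htaccess", path.name)):
                if d == docroot:
                    exposed.append(path.relative_to(docroot).as_posix())
                    break
                d = d.parent
    return sorted(exposed)

def demo():
    """Audit a constructed sample tree; only 'open' has no deny rule."""
    rules = {"private": "Deny from All\n", "open": "",
             "mixed": '<Files ~ "\\.ini$">\nOrder Allow,Deny\nDeny from All\n</Files>\n'}
    with tempfile.TemporaryDirectory() as root:
        for sub, text in rules.items():
            Path(root, sub).mkdir()
            Path(root, sub, "config.ini").write_text("[db]\n")
            Path(root, sub, ".htaccess").write_text(text)
        return exposed_files(root)
```

This is a static check only: it cannot tell whether the server actually honours `.htaccess` files, so the final confirmation is still requesting the file's URL and seeing a 403.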

Thank you @OxyDac : I placed the htaccess inside that subfolder and blocked access to all files there.

yw 🙂

@OxyDac said:
@JohnyX

in whatever subdir you put your config.ini file (in htdocs)
you can prevent access from outside
if you put .htaccess file in that folder with this content

Deny from All

if you have mixed content in that subfolder
and you just want to prevent a certain extension
this code will prevent any access from outside for .ini files

<Files ~ "\.ini$">
Order Allow,Deny
Deny from All
</Files>

Thank you, I also learned something new. I was sure that there was something he could do, and you told it!