And So I just finished my first php codeigniter application, and i'm going to deploy it to some server. However, I have heard it is extremely bad practice to help keep database configurations inside your document root. Does Codeigniter in some way hide the configurations in application/config/database.php or must i slowly move the entire application folder elsewhere and reference it from index.php? Thanks!
It might be bad practice if you are file is openly accessable, but it is not necessarily a bad factor by itself. For instance, WordPress (a Content management systems that forces most from the internet) stores it's database config information within the document root inside a file known as
The recommendation we follow in WordPress land would be to chmod the file to
755 so that it's only readable by auth'ed customers and Apache.
sudo chmod 755 file.ext
.htaccess files within the
/system folders that deny access however it certainly is smart to move these folders from any openly accessible folders.
The CodeIgniter front controller (
index.php) consists of variables for altering the applying and system folder locations.
I usually slowly move the application and system folders outdoors of
docroot. By doing this, no application files are available on the internet, only the bootstrap.
Inside a default CI install, you receive this:
public_html // the docroot folder application system index.php
I change it out such as this:
application system public_html // the docroot folder index.php
And alter index.php for this:
$system_path = '../system'; $application_folder = '../application';