Security: Moving application and system folder out of public_html

Security: Moving application and system folder out of public_html - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: Installation & Setup (https://forum.codeigniter.com/forumdisplay.php?fid=9)
+--- Thread: Security: Moving application and system folder out of public_html (/showthread.php?tid=68013)

Security: Moving application and system folder out of public_html - moinchoudhari - 05-10-2017

Hi,
Does it increase the security if I move the application and system folder out of public access to server root?
Also, is there anyway we can use password other than the plain text in database config and email config?
At present, if someone hack the system and manages to get the above file they will easily get access to the database.

RE: Security: Moving application and system folder out of public_html - ciadmin - 05-10-2017

https://www.codeigniter.com/user_guide/general/managing_apps.html
https://www.codeigniter.com/user_guide/general/environments.html

See https://github.com/bcit-ci/codeigniter-website for an example

RE: Security: Moving application and system folder out of public_html - kilishan - 05-10-2017

(05-10-2017, 03:20 AM)moinchoudhari Wrote: Hi,
Does it increase the security if I move the application and system folder out of public access to server root?

It increases security in the case that you have an accidental mis-configuration of the server that might allow access to things that shouldn't. So, it's more of a safeguard against human error.

[/quote]
Also, is there anyway we can use password other than the plain text in database config and email config?
At present, if someone hack the system and manages to get the above file they will easily get access to the database.
[/quote]

Nope. If we encrypt the values in such a way that it can be reversed (which it would have to if the system is able to connect to the database) then an attacker could easily un-encrypt it. A little exploration and they'd easily find the method if they are on your server.

RE: Security: Moving application and system folder out of public_html - moinchoudhari - 05-10-2017

@ciadmin I have already gone through that. Just was keen to know whether it safeguard the files or not. However, the reply from @kilishan has cleared this to some extent. Thanks both of you for your time and replies to my questions.