Keeping config keystore outside document root
#1

[eluser]mr_prasanna[/eluser]
Hi,

I've a keystore file with database password, encryption salts, security key for PayPal and other APIs and want to keep it outside the document root in order to keep it safe. Is there a way to achieve this easily without complicating the reactor upgrade process in the future?
#2

[eluser]Derek Allard[/eluser]
Installation instructions walk you through how to do exactly that by keeping your system and application folders above web root.
#3

[eluser]Wuushu[/eluser]
So what you are saying is that you are storing many different passwords, keys and identification credentials inside one file located on your web server?

I would strongly advise against this.. :-)
#4

[eluser]Derek Allard[/eluser]
I don't think he's keeping them in plain text, I think he just wants to ensure they are above the doc root. Database passwords, encryption salts, etc are fundamentally needed for CI to perform - that's the point of the config folder.
#5

[eluser]InsiteFX[/eluser]
Place your system and application folders above in your root.

Place index.php below your root.
Edit your index.php and point the directories to where they are.

InsiteFX
#6

[eluser]moodh[/eluser]
Personally I created a passwords.ini, placed it in /etc/ and made it read-only for www-data only.
Then I access it like this:
$ini = parse_ini_file('/etc/passwords.ini');
$db['default']['password'] = $ini['database_password'];
unset($ini);

That way you won't need to store any passwords in your code base at all; just keeping it above webroot isn't enough if you want to use GitHub/WebSVN/Bitbucket. The performance loss is negligible and your own programmers (if you're more than one) can't simply mess up to leak passwords unwillingly.
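An added example, not part of the original post and not CodeIgniter code: a stricter version of the INI approach above that refuses to load the file if it sits inside the document root or is readable by group/other. The helper name `load_secrets`, the `/var/www/html` document root and the sample file contents are assumptions, and the permission check assumes a POSIX host.

```php
<?php
// Hypothetical helper (added example); assumes POSIX file permissions.
function load_secrets(string $path, array $required, ?string $docRoot = null): array
{
    $real = realpath($path);
    if ($real === false || !is_file($real) || !is_readable($real)) {
        throw new RuntimeException("secrets file missing or unreadable: $path");
    }
    // Refuse a file that resolves to a location inside the web root.
    $root = $docRoot !== null ? realpath($docRoot) : false;
    if ($root !== false && strpos($real . '/', rtrim($root, '/') . '/') === 0) {
        throw new RuntimeException('secrets file is inside the document root');
    }
    // Refuse any group/other permission bits (expect 0400 or 0600).
    $mode = fileperms($real) & 0777;
    if ($mode & 0077) {
        throw new RuntimeException(sprintf('secrets file mode %04o is too open', $mode));
    }
    // RAW scanner: values such as "off", "no" or "null" stay literal strings
    // instead of being converted, which matters for passwords and keys.
    $ini = parse_ini_file($real, false, INI_SCANNER_RAW);
    if ($ini === false) {
        throw new RuntimeException('secrets file is not valid INI');
    }
    // Fail at startup, not at first use, when a key is absent.
    $missing = array_diff($required, array_keys($ini));
    if ($missing) {
        throw new RuntimeException('missing keys: ' . implode(', ', $missing));
    }
    return $ini;
}

// Constructed sample file so the example runs offline from the CLI.
$tmp = tempnam(sys_get_temp_dir(), 'sec');
file_put_contents($tmp, "database_password = example-not-a-real-password\n");
chmod($tmp, 0400); // read-only for the owning user, as in the post above

$ini = load_secrets($tmp, ['database_password'], '/var/www/html');
$db['default']['password'] = $ini['database_password'];
echo 'loaded keys: ', implode(', ', array_keys($ini)), PHP_EOL;
unset($ini); // drop the full secret set once the needed value is copied
unlink($tmp);
```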
#7

[eluser]mr_prasanna[/eluser]
Thanks for the replies. Yes, the key store actually contains main site settings (url, log path), PayPal API key, link point account number, some MD5 passwords for 3rd party web services, the database password etc.

The idea behind keeping them all in one place is to make sure it's not changed often and during changes it's just one file to be modified. I'm sure we should avoid access to this file by jr. developers.



