I have the following config.php.inc file in my root directory. I am wondering whether it is safe or not to put a config file into the root of the website, and whether my configuration file is secure or not.

If it's not secure, how can I make it more secure?

    <?php

    global $configVars;

    $configVars['online'] = false;

    if (($_SERVER['SERVER_NAME']) != 'localhost' and ($_SERVER['SERVER_NAME']) != 'abc')
    {
        $configVars['dbhost']       = "localhost";   // Database host address //
        $configVars['dbuser']       = "dbuser";      // Database user name    //
        $configVars['dbpassword']   = "bq;^4";       // Database password     //
        $configVars['dbname']       = "dbname";      // Database name         //
        $configVars['dbport']       = 3306;          // Database port         //

        define('SERVER_NAME', 'http://sitesurl/');
        define("SITE_ABSOLUTE_PATH", SERVER_NAME."");
    } else {
        $configVars['dbhost']       = "localhost";   // Database host address //
        $configVars['dbuser']       = "root";        // Database user name    //
        $configVars['dbpassword']   = "";            // Database password     //
        $configVars['dbname']       = "localdb";     // Database name         //
        $configVars['dbport']       = 3306;          // Database port         //

        ////////// Define Variables
        define('SERVER_NAME', 'http://localhost');
        define("SITE_ABSOLUTE_PATH", SERVER_NAME."/site/");
    }
    ?>
air
  • Try this if you want to hide the file: change your extension to anyone, or add it to filematch as mentioned in the page: http://stackoverflow.com/questions/2860019/how-to-hide-certain-file-type-using-apache-htaccess – Dinesh Nov 11 '12 at 07:47

1 Answer

There is no need to make a security check in the config file. The content of this file is not accessible to end users or hackers.

The problem arises when somebody hacks your script and downloads the config file or gets its content in any other way.

Thanks

Mohammad Ahmad
  • Global variables may be unsafe. – Gabriel Santos Nov 11 '12 at 07:31
  • It's like any PHP var, but as @Gabriel mentioned, global variables are not safe; $configVars is not a global variable, so it's safe. For more about PHP security fundamentals visit http://phpsec.org/. Yes, it's old, but it has useful articles. – Mohammad Ahmad Nov 11 '12 at 10:38
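
One way to approach the question's "how can I make it more secure?", as an added example that is not part of the original question or answer: keep the settings in a `.php` file outside the document root, read the credentials from the environment, and refuse to start in production with the local defaults. The directory layout, the `APP_ENV` and `DB_*` variable names, and the `load_db_config()` function are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical layout (an assumption, not from the question):
//   /srv/app/config/db.php     this file, outside the document root
//   /srv/app/public/index.php  does: $configVars = require __DIR__ . '/../config/db.php';

/** Build DB settings from environment variables (APP_ENV and DB_* names are assumed). */
function load_db_config(array $env): array
{
    // Explicit environment switch instead of comparing $_SERVER['SERVER_NAME'].
    $appEnv = $env['APP_ENV'] ?? 'production';

    $config = [
        'dbhost'     => $env['DB_HOST'] ?? 'localhost',
        'dbuser'     => $env['DB_USER'] ?? '',
        'dbpassword' => $env['DB_PASSWORD'] ?? '',
        'dbname'     => $env['DB_NAME'] ?? '',
        'dbport'     => (int) ($env['DB_PORT'] ?? 3306),
    ];

    if ($config['dbport'] < 1 || $config['dbport'] > 65535) {
        throw new InvalidArgumentException('DB_PORT must be between 1 and 65535');
    }
    // Fail closed: production must not start with the local defaults (root, empty password).
    if ($appEnv === 'production') {
        if ($config['dbuser'] === '' || $config['dbuser'] === 'root' || $config['dbname'] === '') {
            throw new RuntimeException('DB_USER must be a non-root account and DB_NAME must be set');
        }
        if ($config['dbpassword'] === '') {
            throw new RuntimeException('DB_PASSWORD must be set in production');
        }
    }
    return $config;
}

// Demo with constructed values when run directly: php db.php
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $ok = load_db_config(['DB_USER' => 'app_rw', 'DB_PASSWORD' => 'constructed-example', 'DB_NAME' => 'dbname']);
    echo "production config accepted for user {$ok['dbuser']} on port {$ok['dbport']}\n";
    try {
        load_db_config(['APP_ENV' => 'production', 'DB_USER' => 'root', 'DB_NAME' => 'localdb']);
    } catch (RuntimeException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
    return;
}

return load_db_config(getenv());
```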