Is it possible (or even adisable) to move the sql username and password out of the config.inc.php and into a more secure folder on the server? I wonder if it could be a security risk, since the PHP is in fact plain text, unencrypted?
I just moved to BlueHost, where I was pointed to this article about PHP security:
http://helpdesk.bluehost.com/kb/index.php?x=&mod_id=2&id=319
Thanks!
Forgot to mention, I found this post in a search...
http://forum.coppermine-gallery.net/index.php?topic=362.msg1864#msg1864
It is more than four years old, so perhaps this potential security hole has been addressed since then?
You can move the file outside the webroot if you want. Just remember to update include/init.inc.php with the new path. Having the file there is standard for web scripts like Coppermine, the risk is small.
OK, thanks!
Asking because I am new to Coppermine, how would the changes would look like if the paths would be the following:
http://www.mydomain.com/gallery (URL)
/home/mydomainID/public_html/gallery
If I would move the config out to even before /public_html, what would I have to change in the init.inc.php ?
I would appreciate any help. ;)
Thank you.
Wolfseye
// Include config and functions files
if(file_exists('include/config.inc.php')){
ob_start();
require_once 'include/config.inc.php';
ob_clean();
} else {
Change path there (2 times). Preferably using something like ../../include/config.inc.php to be more portable.