Closed owen2 closed 13 years ago
andrewreisner
commented
13 years ago We just have to do this in such a way that if the config file has db usernames and passwords it is not readable by the webserver. Maybe we can keep all the db stuff in one struct object and other non-sensative information in an xml file.
owen2
commented
13 years ago When you say not readable by the webserver do you mean so that no one can read or download it?
andrewreisner
commented
13 years ago Only our scripts can access it, we don't want a plaintext or xml file with db passwords in it. The advantage of having the struct object is only the scripts can read and download it. If someone tries to download the php object file they will only get the output of the php script.
owen2
commented
13 years ago makes sense, i'll make it so that all they get is
andrewreisner
commented
13 years ago The db configuration object I currently have set up on the ComputerClub repo is dbauth.php if you want to check that out. Its used in connect.php and functions.php.
owen2
commented
13 years ago I'll model the rest of the configs after this and try to merge it all into one file.
owen2
commented
13 years ago Config files is in place, we'll migrate more stuff to it later.
Factor out some hardcoded strings, like db location and url into a config file that we can .gitignore and keep different on different servers. Also, could be used to make this work for different schools and stuff.