Move configuration data out of globals.php

comphist / cora

A web-based, token-level annotation tool for non-standard language data

http://www.linguistics.rub.de/comphist/resources/cora/

MIT License

10 stars 6 forks source link

Move configuration data out of globals.php #17

Closed mbollmann closed 7 years ago

mbollmann commented 9 years ago

Originally reported by: Marcel Bollmann (Bitbucket: mbollmann, GitHub: mbollmann)

Server-specific configuration should not be stored in globals.php, but in some external configuration file.

Particularly, passwords shouldn't be stored in a web-accessible directory, as is currently the case with this setup.

Bitbucket: https://bitbucket.org/mbollmann/cora/issue/14

mbollmann commented 9 years ago

Original comment by Marcel Bollmann (Bitbucket: mbollmann, GitHub: mbollmann):

Configuration data has been refactored as per commit b3ed57b.

It is still in the main web directory by default (/config.php), but the refactoring allows us to easier change this system in the future.

Meanwhile, one idea to move sensible config data out of the web directory: replace config.php with a symbolic link pointing to a location outside the web directory, and configure the web server to not follow symlinks in .

mbollmann commented 9 years ago

Original comment by Marcel Bollmann (Bitbucket: mbollmann, GitHub: mbollmann):

Apparently, other projects (like MediaWiki) are doing something similar.

Also, with the new CMake build system, configuration data such as passwords are at least no longer stored in the repo.

Putting this on hold for now.