Sag Rising

Notes to Myself

Sqlite Web Security II

Posted by Richard Cockrum on January 31, 2008

A couple of days ago, in Sqlite Web Security, I said I didn't see how to move an SQLite database out of the web directory. I feel dumb, because the problem really was silly.

Rather than using

$_SERVER['DOCUMENT_ROOT'] . '/../sqlite.name'

you can just use a hardcoded path like so:

'/home/user/path/to/sqlite.name'

or

$_SERVER['DOCUMENT_ROOT] . '/../../path/to/db.file'

.


Notice the extra level of indirection. This is required when working with a subdomain. When working with a root domain, the

$_SERVER['DOCUMENT_ROOT'] . '/../path/to/sqlite.name'


works.


As an added measure of security, move the actual Habari config.php out of the web directory, and place it in another directory, too. Create a separate config.php file in Habari's root directory, and just include the real configuration file in it:


<?php include($_SERVER['DOCUMENT_ROOT'] . '/../../path/to/config.php' ); ?>

This entry is filed under and . You can follow any responses to this entry through the feed . New comments are currently closed.

What do you think?
Comments for this post are disabled.