Sag Rising

Notes to Myself

Sqlite Web Security II

Posted by Richard Cockrum on January 31, 2008

A couple of days ago, in Sqlite Web Security, I said I didn't see how to move an SQLite database out of the web directory. I feel dumb, because the problem really was silly.

Rather than using


you can just use a hardcoded path like so:



$_SERVER['DOCUMENT_ROOT] . '/../../path/to/db.file'


Notice the extra level of indirection. This is required when working with a subdomain. When working with a root domain, the

$_SERVER['DOCUMENT_ROOT'] . '/../path/to/'


As an added measure of security, move the actual Habari config.php out of the web directory, and place it in another directory, too. Create a separate config.php file in Habari's root directory, and just include the real configuration file in it:

<?php include($_SERVER['DOCUMENT_ROOT'] . '/../../path/to/config.php' ); ?>

This entry is filed under and . You can follow any responses to this entry through the feed . New comments are currently closed.

What do you think?
Comments for this post are disabled.