I'm looking for everyone's opinions on where they prefer to store site settings. (Everything from sensitive settings to what theme a user has selected.) Cookies, text file on server, MySQL database, etc.
In addition to providing your preference of where and how you store site settings, explain why, and include security advantages/disadvantages. (Thank you in advance for your time.)
Site Settings (Location)
Re: Site Settings (Location)
I'm not sure I do it in the most secure way, but..
I place non-login (NOT email, database, etc. info) details in a database row in its own table. It's often in the main database that all the other queries go to. Thinking about it, I should place it in a separate database with a separate database login.
I either hardcode the login and extremely sensitive data in a regular .php file above document root or in an ini file above document root. Occasionally I have hardcoded these values into an include file (such as a dbconnect.php).
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Re: Site Settings (Location)
For all environment dependent configuration I use ini files (easy Zend Framework way).
Example:
[production]
phpSettings.display_startup_errors = 0
phpSettings.display_errors = 0
includePaths.library = APPLICATION_PATH "/../library"
[staging : production]
[testing : production]
phpSettings.display_startup_errors = 1
phpSettings.display_errors = 1
[development : production]
phpSettings.display_startup_errors = 1
phpSettings.display_errors = 1
[general]
For general application configuration (which sometimes can be set from the config panel) I use XML files. Easy to handle generic setters and getters, e.g. $config->getUserTimeout(); or $config->setUserTimeout(); when we have <UserTimeout>22</UserTimeout>. Really easy to maintain.
All user related stuff I keep in DB - in most cases in one DB with the rest of data.
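The two replies above describe keeping sensitive settings in an ini file above the document root and using `[child : parent]` sections per environment. The PHP below is an added example, not code from either poster or from Zend Framework: it loads one environment from such a file and refuses a file that is web-reachable or readable by other local users. `load_site_config()`, the temp-directory layout and the sample ini values are assumptions constructed for the demo.

```php
<?php
// Added example; load_site_config() is a hypothetical helper, not Zend Framework code.
function load_site_config(string $iniPath, string $env, string $docRoot): array
{
    $real = realpath($iniPath);
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('Config file or document root not found');
    }
    // The file must sit outside the web root so the web server can never serve it.
    if (strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('Config file is inside the document root');
    }
    // Refuse files that other local users can read or write (POSIX mode bits).
    if ((fileperms($real) & 0006) !== 0) {
        throw new RuntimeException('Config file is accessible to other users');
    }
    $sections = parse_ini_file($real, true);
    if ($sections === false) {
        throw new RuntimeException('Config file could not be parsed');
    }
    // Split "[child : parent]" headers into a value map and a parent map.
    $values = $parents = [];
    foreach ($sections as $header => $pairs) {
        $parts = array_map('trim', explode(':', $header, 2));
        $values[$parts[0]] = $pairs;
        $parents[$parts[0]] = $parts[1] ?? null;
    }
    if (!isset($values[$env])) {
        throw new RuntimeException("Unknown environment: $env");
    }
    // Walk up the parent chain; "+=" keeps keys the child already set.
    $config = $seen = [];
    for ($name = $env; $name !== null && !isset($seen[$name]); $name = $parents[$name] ?? null) {
        $seen[$name] = true; // a repeated name ends the walk (circular inheritance)
        $config += $values[$name] ?? [];
    }
    return $config;
}

// Constructed demo: a private temp directory stands in for "above document root".
$base = sys_get_temp_dir() . '/cfg_demo_' . getmypid();
mkdir("$base/public_html", 0700, true);
$ini = "[production]\nphpSettings.display_errors = 0\nincludePaths.library = \"/srv/lib\"\n"
     . "[development : production]\nphpSettings.display_errors = 1\n";
file_put_contents("$base/app.ini", $ini);
chmod("$base/app.ini", 0600);
print_r(load_site_config("$base/app.ini", 'development', "$base/public_html"));
```

Moving the ini file into `public_html` or leaving it at mode 0644 makes the loader throw instead of returning settings.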