Page 1 of 1
Site Settings (Location)
Posted: Thu Nov 24, 2011 8:52 pm
by Hermit TL
I'm looking for everyones opinions of where they prefer to store site settings. (Everything from sensitive settings, to what theme a user has selected.) Cookies, Text File on Server, MySQL database, ect.
In addition to providing your preference of where and how your store site settings; explain why; and include security advantages/disadvantages. (Thank you in advance for your time.)
Re: Site Settings (Location)
Posted: Thu Nov 24, 2011 11:09 pm
by s.dot
I'm not sure I do it in the most secure way, but..
I place non-login (NOT email, database, etc info) details in a database row in it's own table. It's often in the main database that all the other queries go to. Thinking about it, I should place it in a separate database with a separate database login.
I either hardcode the login and extremely sensitive data in a regular .php file above document root in an ini file above document root. Occasionally I have hardcoded these values into an include file (such as a dbconnect.php).
Re: Site Settings (Location)
Posted: Tue Nov 29, 2011 4:03 am
by maxx99
For all environment dependent configuration I use ini files (easy Zend Framework way

)
Example:
Code: Select all
[production]
phpSettings.display_startup_errors = 0
phpSettings.display_errors = 0
includePaths.library = APPLICATION_PATH "/../library"
[staging : production]
[testing : production]
phpSettings.display_startup_errors = 1
phpSettings.display_errors = 1
[development : production]
phpSettings.display_startup_errors = 1
phpSettings.display_errors = 1
[general]
For general application configuration (which sometimes can be set from config planel i use XML files. Easy to handle generic setters and getters e.g. $config->getUserTimeout(); or $config->setUserTimeout(); when we have <UserTimeout>22</UserTimeout>. Really easy to maintain.
All user related stuff i keep in DB - in most cases in one DB with the rest of data.