Site Settings (Location)

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Hermit TL
Forum Commoner
Posts: 69
Joined: Mon Nov 21, 2011 12:16 am

Site Settings (Location)

Post by Hermit TL »

I'm looking for everyones opinions of where they prefer to store site settings. (Everything from sensitive settings, to what theme a user has selected.) Cookies, Text File on Server, MySQL database, ect.

In addition to providing your preference of where and how your store site settings; explain why; and include security advantages/disadvantages. (Thank you in advance for your time.)
User avatar
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Re: Site Settings (Location)

Post by »

I'm not sure I do it in the most secure way, but..

I place non-login (NOT email, database, etc info) details in a database row in it's own table. It's often in the main database that all the other queries go to. Thinking about it, I should place it in a separate database with a separate database login.

I either hardcode the login and extremely sensitive data in a regular .php file above document root in an ini file above document root. Occasionally I have hardcoded these values into an include file (such as a dbconnect.php).
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Forum Contributor
Posts: 142
Joined: Mon Nov 21, 2011 3:40 am

Re: Site Settings (Location)

Post by maxx99 »

For all environment dependent configuration I use ini files (easy Zend Framework way :) )

Code: Select all

phpSettings.display_startup_errors = 0
phpSettings.display_errors = 0
includePaths.library = APPLICATION_PATH "/../library"

[staging : production]

[testing : production]
phpSettings.display_startup_errors = 1
phpSettings.display_errors = 1

[development : production]
phpSettings.display_startup_errors = 1
phpSettings.display_errors = 1

For general application configuration (which sometimes can be set from config planel i use XML files. Easy to handle generic setters and getters e.g. $config->getUserTimeout(); or $config->setUserTimeout(); when we have <UserTimeout>22</UserTimeout>. Really easy to maintain.

All user related stuff i keep in DB - in most cases in one DB with the rest of data.
Post Reply