Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By bernardwright on
Using a standard 4.7 build everything works fine when the installation has been completed.
One concern that a client has is that there is a potential security risk of having settings.php in the webroot when it contains username and password details of the db. I appreciate that measures have been taken to ensure the file cannot be accessed but the concern still exists.
Therefore the suggestion is to move the /sites/... folder to an area outside of the webroot. We have tried this and modified bootstrap.inc confg_path to change the location of the /sites/ area and also updated require_once in confi_init. However when requesting the sites it defaults to the settings.php in the DEFAULT directory rather than the one in the /sites/www.abc.com area.
Is there a way of getting this to work well? I know that there could be a problem if site specific modules and themes are placed in the /sites/... area.
Thanks
Bernard
Comments
Why don't you ...
... leave it where it is. Move the contents of the file to another/"secure" location, and include('/full/path/to/supersecretsettings.php') the result in settings.php.
Thanks for that will give it
Thanks for that will give it a try. Actually in hindsight quite obvious, trying to be too clever!