[SOLVED] Protect local.config.php file on FTP

[Tylor Eddy]

G'day Guys,

I have recently appointed a dev guy within my VA, and I'm trying to allow him access to the dev site to work. Currently i have setup the account so he can access the files, but he can also access the local.config.php, and other sensitive files that contain passwords and information i don't want him to get at, how can i prevent him from accessing these files ? i have tried the permissions but that doesn't seem to stop the account.

I setup the ftp account through my host's cpanel option. I can see that i can password protect a directory, but why not a file ?

I'm not sure you guys have done this before but if someone has, any help would be great.

Cheers

Tylor

[TennShadow]

G'day Guys,

I have recently appointed a dev guy within my VA, and I'm trying to allow him access to the dev site to work. Currently i have setup the account so he can access the files, but he can also access the local.config.php, and other sensitive files that contain passwords and information i don't want him to get at, how can i prevent him from accessing these files ? i have tried the permissions but that doesn't seem to stop the account.

I setup the ftp account through my host's cpanel option. I can see that i can password protect a directory, but why not a file ?

I'm not sure you guys have done this before but if someone has, any help would be great.

Cheers

Tylor

I have a dev site also and what I did was took a copy of my production database and imported it into a new database called phpvms_dev. Then in my dev site I changed the local.config file to point to my dev site. That way my dev copy of PHPVMS would still work and not affect my production database in any way. If you do this he will not have access to your production database or passwords.

As for FTP access, when you create a new sub FTP account if asks you the folder you want it to point to so that user can not see anything but that folder and it's contents. If you copy your prod files over to that folder he can do what he needs to do without seeing your prod files. If they can see the production files then it's not setup as a sub FTP account.

Also, if your dev site is on the same server you need to change the cookie name so you don't have any login conflicts between the two sites.

To do that go to line 575 in your app.config.php fine and find

define ('VMS_AUTH_COOKIE', 'VMSAUTH') ; 

Change VMSAUTH to something like DEVAUTH.

[Tylor Eddy]

I have a dev site also and what I did was took a copy of my production database and imported it into a new database called phpvms_dev. Then in my dev site I changed the local.config file to point to my dev site. That way my dev copy of PHPVMS would still work and not affect my production database in any way. If you do this he will not have access to your production database or passwords.

As for FTP access, when you create a new sub FTP account if asks you the folder you want it to point to so that user can not see anything but that folder and it's contents. If you copy your prod files over to that folder he can do what he needs to do without seeing your prod files. If they can see the production files then it's not setup as a sub FTP account.

Also, if your dev site is on the same server you need to change the cookie name so you don't have any login conflicts between the two sites.

To do that go to line 575 in your app.config.php fine and find

define ('VMS_AUTH_COOKIE', 'VMSAUTH') ; 

Change VMSAUTH to something like DEVAUTH.

G'day Keith,

He will still be able to get the password from the file, as its the same password as my production site, as both databases are on the same server i am not given an option to set a password when creating a database. i have my site within a subfolder, which is all he can access, he cannot access the production site in any way, Also my app.config.php is a bit different to yours, i've got

//Config::Set('SESSION_COOKIE_NAME', 'VMS_AUTH_COOKIE');

under my cookie information, i take it i uncomment this ?

[TennShadow]

He will still be able to get the password from the file, as its the same password as my production site, as both databases are on the same server i am not given an option to set a password when creating a database.

My databases are on the same server as well. That's the point of having two totally separate databases. You just copy the database tables into a new database with a new user and password. Then on your dev site local.config file you set it to the new username and password. Since it's a different database it doesn't need the same username and password as the production database. Does your host use CPanel? You should be able to use the database wizard to create a new database with a different user account.

Also my app.config.php is a bit different to yours, i've got

//Config::Set('SESSION_COOKIE_NAME', 'VMS_AUTH_COOKIE');

under my cookie information, i take it i uncomment this ?

No, don't comment it out. Just rename VMS_AUTH_COOKIE to something different like DEV_AUTH_COOKIE for your dev site.

[Tylor Eddy]

My databases are on the same server as well. That's the point of having two totally separate databases. You just copy the database tables into a new database with a new user and password. Then on your dev site local.config file you set it to the new username and password. Since it's a different database it doesn't need the same username and password as the production database. Does your host use CPanel? You should be able to use the database wizard to create a new database with a different user account.

No, don't comment it out. Just rename VMS_AUTH_COOKIE to something different like DEV_AUTH_COOKIE for your dev site.

Ok i think i've got it sorted now,

Also the cookie information was already commented out, is that normal ?

Thanks for your help so far, i think we're getting closer now

Cheers

Tylor

[Tylor Eddy]

Ok i've created a new MySQL user, and set them details in the local.config.php, but i get a fatal error with ezdb_mysql.class.php on line 99

[TennShadow]

Could you post the full error?

[Tylor Eddy]

No worries

Fatal error: Uncaught <blockquote><font face=arial size=2 color=000099><b>Last Error --</b> [<font color=000000><b>Access denied for user 'qantasvi_dev'@'localhost' (using password: YES) (1045)</b></font>]<br />[<font color=000000><b></b></font>]</font><p> </blockquote><hr noshade color=dddddd size=1> thrown in /home/qantasvi/public_html/dev/core/classes/ezdb/ezdb_mysql.class.php on line 99

The user has full permissions when i set the account up

Cheers

Tylor

[TennShadow]

No worries

Fatal error: Uncaught <blockquote><font face=arial size=2 color=000099><b>Last Error --</b> [<font color=000000><b>Access denied for user 'qantasvi_dev'@'localhost' (using password: YES) (1045)</b></font>]<br />[<font color=000000><b></b></font>]</font><p> </blockquote><hr noshade color=dddddd size=1> thrown in /home/qantasvi/public_html/dev/core/classes/ezdb/ezdb_mysql.class.php on line 99

The user has full permissions when i set the account up

Cheers

Tylor

That error is one we see a lot here. It definitely is a permission issue with the db user account. Double check the username and password and make sure all permissions are granted.

[TennShadow]

Ok i think i've got it sorted now,

Also the cookie information was already commented out, is that normal ?

Thanks for your help so far, i think we're getting closer now

Cheers

Tylor

I just checked my app.config file. The cookie information you quoted is on line 207. You need to go to line 575 and change it there.

[Tylor Eddy]

G'day Keith,

All good now, turns out the password i set was wrong, i must not have copied it all when i got one generated from cpanel.

Thanks very much Keith for helping me through this

Tylor

[TennShadow]

G'day Keith,

All good now, turns out the password i set was wrong, i must not have copied it all when i got one generated from cpanel.

Thanks very much Keith for helping me through this

Tylor

Awesome, I'm glad you got it all worked out!