Opened 13 years ago

Closed 13 years ago

#1542 closed defect (invalid)

DB access should be put back in conf.php

Reported by: evilhamsterman@… Owned by: Isaac Richards
Priority: minor Milestone: 0.20
Component: mythtv Version:
Severity: low Keywords:
Cc: Ticket locked: no

Description

.htaccess is not designed for setting configuration variables for you program unless it has to do with configuring the behaviour of the server to work with the web app. Stuff like controlling mod_rewrite or authorization is what .htaccess is for. The programs own configuration files is supposed to control stuff like DB access variables. conf.php used to hold the DB access and it was moved out and put into .htaccess for some reason. It makes more sense to have it in conf.php for a several reasons.


-Compatibility Not all webservers (such as lighttpd) use apaches .htaccess but they do use php so if the DB access is in the applications own configuration files then you improve compatibilty with other webservers. And not everybody wants to run Apache especially if the system is primarily for MythTV another server such as lighttpd makes more sense


-Security I noticed that there is code to take the environment variables and set internal variable to the environment variables and then remove the environment variables for security reasons. Why not skip that step and avoid the risk all together by never having the variables in the environment.


-Ease of Setup Having all the configuration variables in one place makes setup and maintanence easier than having to edit several files.

I don't understand why the DB setting were moved out of conf.php in the first place but especially to support servers other than Apache I think that the DB settings should be put back in conf.php

Change History (1)

comment:1 Changed 13 years ago by Dibblah

Resolution: invalid
Status: newclosed

Feature request without patch. Please read the ticket howto before submitting tickets.

Note: See TracTickets for help on using tickets.