Welcome, Guest
Username: Password: Remember me

TOPIC: Step for making LimeSurvey 2 more secure (as with 1.92+ and earlier)

Step for making LimeSurvey 2 more secure (as with 1.92+ and earlier) 1 year 7 months ago #85528

  • tfj
  • tfj's Avatar
  • OFFLINE
  • Expert Lime
  • Posts: 80
  • Thank you received: 6
  • Karma: 5
In LimeSurvey 1.92+ and earlier, I have been able to modify the following line in my config.php file to add an extra level of security:

<?php include("/home/hostfolder/safedata/configreal.php"); ?>

As many of you already know, this is in the documentation for 1.92+ and earlier versions under the heading "Other security issues." This enables me to move our config.php file to a non-web location, thus keeping our database password, etc. reasonably out of reach of prying eyes.

I have been searching the documentation and forum for the equivalent to work with LimeSurvey 2.

Could someone please point me in the right direction? I would like to be able to figure this out by the time the stable version of LimeSurvey 2 comes out.

Thanks!

tfj
The administrator has disabled public write access.

Re: Step for making LimeSurvey 2 more secure (as with 1.92+ and earlier) 1 year 7 months ago #85540

  • DenisChenu
  • DenisChenu's Avatar
  • OFFLINE
  • Moderator Lime
  • Posts: 5869
  • Thank you received: 719
  • Karma: 223
Hello,

I think you can do this in
application/config/config.php

Denis
PS and use an include_once
Last Edit: 1 year 7 months ago by DenisChenu.
The administrator has disabled public write access.

Re: Step for making LimeSurvey 2 more secure (as with 1.92+ and earlier) 1 year 7 months ago #85613

  • tfj
  • tfj's Avatar
  • OFFLINE
  • Expert Lime
  • Posts: 80
  • Thank you received: 6
  • Karma: 5
Denis:

Thank you for your response. I tried the include_once and went through many trials-and-errors in trying to figure out what lines to change in the "configreal" file. Occasionally, I get an error indicating a syntax problem in the file. After many other attempts, I get simply a blank screen.

I'm guessing that the 'basepath' and the 'runTimePath' lines need to be changed, which is where I have been devoting my efforts. I was determined to figure this out on my own and then post the solution to the forum, but I am stuck.

I've always been able to use this technique in 1.92+ and earlier.

I have not been able to find this in the documentation, so if someone could point me in the right direction, I would appreciate it!

Thanks!

tfj
The administrator has disabled public write access.

Re: Step for making LimeSurvey 2 more secure (as with 1.92+ and earlier) 1 year 7 months ago #85616

  • DenisChenu
  • DenisChenu's Avatar
  • OFFLINE
  • Moderator Lime
  • Posts: 5869
  • Thank you received: 719
  • Karma: 223
Myabe you can do something with Yii:
www.yiiframework.com/155/the-directory-s...ii-project-site/#hh2

I don't look further but i think it's a starting method.

Denis
PS : you have in index.php:
$aSettings= include(APPPATH.'config'.DIRECTORY_SEPARATOR.'config.php');
Last Edit: 1 year 7 months ago by DenisChenu.
The administrator has disabled public write access.

Re: Step for making LimeSurvey 2 more secure (as with 1.92+ and earlier) 1 year 7 months ago #85618

  • tfj
  • tfj's Avatar
  • OFFLINE
  • Expert Lime
  • Posts: 80
  • Thank you received: 6
  • Karma: 5
Thanks, Denis. I'll keep digging. I am not yet familiar with Yii, so while I am digging, I am still asking for help/direction from anyone.

Thanks!

tfj
The administrator has disabled public write access.
Moderators: ITEd
Time to create page: 0.156 seconds
Donation Image