Step for making LimeSurvey 2 more secure (as with 1.92+ and earlier)

More
4 years 8 months ago #85528 by tfj
tfj created the topic: Step for making LimeSurvey 2 more secure (as with 1.92+ and earlier)
In LimeSurvey 1.92+ and earlier, I have been able to modify the following line in my config.php file to add an extra level of security:

<?php include("/home/hostfolder/safedata/configreal.php"); ?>

As many of you already know, this is in the documentation for 1.92+ and earlier versions under the heading "Other security issues." This enables me to move our config.php file to a non-web location, thus keeping our database password, etc. reasonably out of reach of prying eyes.

I have been searching the documentation and forum for the equivalent to work with LimeSurvey 2.

Could someone please point me in the right direction? I would like to be able to figure this out by the time the stable version of LimeSurvey 2 comes out.

Thanks!

tfj

Please Log in to join the conversation.

More
4 years 8 months ago - 4 years 8 months ago #85540 by DenisChenu
DenisChenu replied the topic: Step for making LimeSurvey 2 more secure (as with 1.92+ and earlier)
Hello,

I think you can do this in
application/config/config.php

Denis
PS and use an include_once

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).
An error happen ? Before make a new topic : remind the Debug mode .
Last Edit: 4 years 8 months ago by DenisChenu.

Please Log in to join the conversation.

More
4 years 8 months ago #85613 by tfj
tfj replied the topic: Step for making LimeSurvey 2 more secure (as with 1.92+ and earlier)
Denis:

Thank you for your response. I tried the include_once and went through many trials-and-errors in trying to figure out what lines to change in the "configreal" file. Occasionally, I get an error indicating a syntax problem in the file. After many other attempts, I get simply a blank screen.

I'm guessing that the 'basepath' and the 'runTimePath' lines need to be changed, which is where I have been devoting my efforts. I was determined to figure this out on my own and then post the solution to the forum, but I am stuck.

I've always been able to use this technique in 1.92+ and earlier.

I have not been able to find this in the documentation, so if someone could point me in the right direction, I would appreciate it!

Thanks!

tfj

Please Log in to join the conversation.

More
4 years 8 months ago - 4 years 8 months ago #85616 by DenisChenu
DenisChenu replied the topic: Step for making LimeSurvey 2 more secure (as with 1.92+ and earlier)
Myabe you can do something with Yii:
www.yiiframework.com/155/the-directory-s...ii-project-site/#hh2

I don't look further but i think it's a starting method.

Denis
PS : you have in index.php:
$aSettings= include(APPPATH.'config'.DIRECTORY_SEPARATOR.'config.php');

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).
An error happen ? Before make a new topic : remind the Debug mode .
Last Edit: 4 years 8 months ago by DenisChenu.

Please Log in to join the conversation.

More
4 years 8 months ago #85618 by tfj
tfj replied the topic: Step for making LimeSurvey 2 more secure (as with 1.92+ and earlier)
Thanks, Denis. I'll keep digging. I am not yet familiar with Yii, so while I am digging, I am still asking for help/direction from anyone.

Thanks!

tfj

Please Log in to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now