previously, ttf stored database credentials in a php file, but pulled the rest of the config variables from the database.
this is a terrible use of a relational database table.
the best way to store data like this is in a flat text file. that's what we do now!
http://code.google.com/p/thinktankforums/sour … config.php
look at how beautiful that config file is! it's fast and clean--which is coincidentally what ttf is all about.
so, guess where i got the idea to store config options in a database table like that. i looked at how/where punbb stored config options:
http://punbb.informer.com/docs/dev.html#config
i promise to never take cues from punbb's architecture or technology. they do so many things poorly. and we can do them better. we just have to be creative and figure out the best solutions.
/o/
vote ttf on november fourth!
this is a terrible use of a relational database table.
=========================================== | name | value | =========================================== | forum_name | think tank forums | | maintenance | 0 | | | | | . | . | | . | . | | . | . | | | | ===========================================
the best way to store data like this is in a flat text file. that's what we do now!
http://code.google.com/p/thinktankforums/sour … config.php
look at how beautiful that config file is! it's fast and clean--which is coincidentally what ttf is all about.
so, guess where i got the idea to store config options in a database table like that. i looked at how/where punbb stored config options:
http://punbb.informer.com/docs/dev.html#config
i promise to never take cues from punbb's architecture or technology. they do so many things poorly. and we can do them better. we just have to be creative and figure out the best solutions.
/o/
vote ttf on november fourth!
awesome!
What if you wanted to edit the configuration though? You would have to rewrite the entire file, where as in a database you can just edit the field.
-Weasley
-Weasley
couldn't you just edit a line in the text file? I don't see how this is a problem; could you clarify why a db would be better in that case?
as maxlor has argued many times previously, database tables are overused. they shouldn't be used as text files nor as spreadsheets. they should be used only for relational data.
i don't think it's a problem for php to edit a line of the file.
i don't think it's a problem for php to edit a line of the file.
btw lucas are you the admin on here?
How would you go about editing the config file then? You would have to have it writable all the time, which is flawing the board security, btw I mean would you use fwrite on it?
-Weasley
How would you go about editing the config file then? You would have to have it writable all the time, which is flawing the board security, btw I mean would you use fwrite on it?
-Weasley
on the dev setups i use you only really modify the config file once (by hand) to setup the db, cookies params, and general website options and leave it alone. i imagine that's the same setup lucas uses.
presently there isn't any way to modify the config file from ttf itself. in fact even when the config file was in the db there wasn't a way to modify config params.
presently there isn't any way to modify the config file from ttf itself. in fact even when the config file was in the db there wasn't a way to modify config params.
good point, dbrown. I think you are assuming there is a web interface for the config, Weasley.
> You would have to have it writable all the time, which is flawing the board security
how does that make anything insecure? on my server, many of my configs in /etc/ are writable by root. is this insecure too?
how does that make anything insecure? on my server, many of my configs in /etc/ are writable by root. is this insecure too?
Even if a file is not writable you can still write to it, :w! in vi, or -f for cp, mv and most cmdline utils.
schg flag and kernel securelevel > 1 is the only way to prevent any writes (FreeBSD).
Even with a web interface, it doesn't matter if you use a flat file or a database, a database might actually be less secure because of sql injection attacks.
schg flag and kernel securelevel > 1 is the only way to prevent any writes (FreeBSD).
Even with a web interface, it doesn't matter if you use a flat file or a database, a database might actually be less secure because of sql injection attacks.
The solution to this is to sticky all files in a directory with config files.
what like:
/inc/config/board.php
/inc/config/dbname.php
and so on?
-Weasley
/inc/config/board.php
/inc/config/dbname.php
and so on?
-Weasley
gatz> i don't think the sticky bit really helps out here. plus many people won't be using a filesystem that supports sticky bits.