Well I didn’t find a way to move cakephp above (www, htdocs, etc)
Please refer to Remove cakephp 3.4 from webroot how to
I did however:
- Made a folder above htdocs (even with apache) named cake34up
- Put tmp\cache in that folder
- Put logs there also
- Created a file to house the salt and db password named salt.php
Now in cakephp (the folder inside htdocs) in the configs I,
include ROOTUP . "salt.php";
in paths
///paths.php
define('DIR', '/cakephp/'); //at bottom
/**
* Path to the temporary files directory.
*/
define('TMP', ROOTUP . DS . 'tmp' . DS);
/**
* Path to the logs directory.
*/
define('LOGS', ROOTUP . 'logs' . DS);
/**
* Path to the cache files directory. It can be shared between hosts in a multi-server setup.
*/
define('CACHE', TMP . 'cache' . DS);
//////do cache also///////////////////////
in index
index.php
define('ROOTUP', realpath(__DIR__ . '/../../../cake34up') . DIRECTORY_SEPARATOR);
in app
app
'username' => 'root',
'password' => $password,
'database' => 'tjhs2',
'encoding' => 'utf8',
'timezone' => 'UTC',
'flags' => [],
'cacheMetadata' => true,
'log' => false,
Notice I use $password, which I get from cake34up.
So the secure items are housed in cake34up, please let me know if this is secure. Seems cake is fairly secure anyway, but just some extra precautions.