Well I didn't find a way to move cakephp above (www, htdocs, etc)
Please refer to http://discourse.cakephp.org/t/remove-cakephp-3-4-from-webroot-how-to/2335/2
I did however:
- Made a folder above htdocs (even with apache) named cake34up
- Put tmp\cache in that folder
- Put logs there also
- Created a file to house the salt and db password named salt.php
Now in cakephp (the folder inside htdocs) in the configs I,
include ROOTUP . "salt.php";
define('DIR', '/cakephp/'); //at bottom
* Path to the temporary files directory.
define('TMP', ROOTUP . DS . 'tmp' . DS);
* Path to the logs directory.
define('LOGS', ROOTUP . 'logs' . DS);
* Path to the cache files directory. It can be shared between hosts in a multi-server setup.
define('CACHE', TMP . 'cache' . DS);
//////do cache also///////////////////////
define('ROOTUP', realpath(__DIR__ . '/../../../cake34up') . DIRECTORY_SEPARATOR);
'username' => 'root',
'password' => $password,
'database' => 'tjhs2',
'encoding' => 'utf8',
'timezone' => 'UTC',
'flags' => ,
'cacheMetadata' => true,
'log' => false,
Notice I use $password, which I get from cake34up.
So the secure items are housed in cake34up, please let me know if this is secure. Seems cake is fairly secure anyway, but just some extra precautions.