Well I didn’t find a way to move cakephp above (www, htdocs, etc)
Please refer to Remove cakephp 3.4 from webroot how to
I did however:
- Made a folder above htdocs (even with apache) named cake34up
- Put tmp\cache in that folder
- Put logs there also
- Created a file to house the salt and db password named salt.php
Now in cakephp (the folder inside htdocs) in the configs I,
include ROOTUP . "salt.php";
in paths
///paths.php
define('DIR', '/cakephp/'); //at bottom
/**
* Path to the temporary files directory.
*/
define('TMP', ROOTUP . DS . 'tmp' . DS);
/**
* Path to the logs directory.
*/
define('LOGS', ROOTUP . 'logs' . DS);
/**
* Path to the cache files directory. It can be shared between hosts in a multi-server setup.
*/
define('CACHE', TMP . 'cache' . DS);
//////do cache also///////////////////////
in index
index.php
define('ROOTUP', realpath(__DIR__ . '/../../../cake34up') . DIRECTORY_SEPARATOR);
in app
app
'username' => 'root',
'password' => $password,
'database' => 'tjhs2',
'encoding' => 'utf8',
'timezone' => 'UTC',
'flags' => [],
'cacheMetadata' => true,
'log' => false,
Notice I use $password, which I get from cake34up.
So the secure items are housed in cake34up, please let me know if this is secure. Seems cake is fairly secure anyway, but just some extra precautions.
I don’t really like, ok in test or development environment but not in production. If your needs is use subfolders, you can move stuff above document root, but this, imho, not introduce security improvements.