Improve Config Strategy Regarding File Permissions #24
Description
Currently in the app folder, we have a config.php. However, imagine someone who takes Faster to make a software product, and he wants an install script to create the config.php. Two problems occur:
- We're not doing a file_exists check, and that causes an error.
- Since we're putting config.php in app, that means the customer who buys a software product made with Faster must do like a
chmod -R 0755 apporchmod -R 0777 app. That's a problem because it opens up security issues that people might forget to undo. A better solution would be to move config.php into an app/_config path, and then a customer merely has to make app/_config writable, rather than app.
Because the config file is part of the framework, the config folder should probably be _config for consistency reasons. Besides, in some text editors, this sorts this folder to the top, which people kind of prefer.
Therefore, I suggest a change where we move config.php to app/_config, and then we revise index.php so that it does a file_exists check and moves on without it if necessary.