id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc	mlocked
1542	DB access should be put back in conf.php	evilhamsterman@…	Isaac Richards	".htaccess is not designed for setting configuration variables for you program unless it has to do with configuring the behaviour of the server to work with the web app.  Stuff like controlling mod_rewrite or authorization is what .htaccess is for.  The programs own configuration files is supposed to control stuff like DB access variables.  conf.php used to hold the DB access and it was moved out and put into .htaccess for some reason.  It makes more sense to have it in conf.php for a several reasons.
----

-Compatibility
Not all webservers (such as lighttpd) use apaches .htaccess but they do use php so if the DB access is in the applications own configuration files then you improve compatibilty with other webservers.  And not everybody wants to run Apache especially if the system is primarily for MythTV another server such as lighttpd makes more sense
----

-Security
I noticed that there is code to take the environment variables and set internal variable to the environment variables and then remove the environment variables for security reasons.  Why not skip that step and avoid the risk all together by never having the variables in the environment.
----

-Ease of Setup
Having all the configuration variables in one place makes setup and maintanence easier than having to edit several files.

I don't understand why the DB setting were moved out of conf.php in the first place but especially to support servers other than Apache I think that the DB settings should be put back in conf.php"	defect	closed	minor	0.20	mythtv		low	invalid			0