proper place to keep userid and password for mysql

#1
Where should I keep the userid and password? Should they be put in a .env file? Right now I have the userid and password hard-coded into database.php. That can't be right? Where should I keep those fields?
proof that an old dog can learn new tricks
Reply

#2
Please read this first.

Paragon Initiative Enterprises Blog - The 2018 Guide to Building Secure PHP Software
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

#3
Thanks Insite. Lots of good info in there. It would take me a year or longer to do all the things it mentions. I guess the goal would be to pick the 5 most important ones, and fix those. What are the five most important?

Anyway, I am in the middle of Dockerizing my app and have mysql in a separate container from the php 7.2. So clearly I will need to modify the way my app logs in to mysql, such as using the container name. But since I am touching this part of the code, I figured it is a good time to take my userid/password out of the code and place it somewhere more secure.

Perhaps this is a question for the Docker people? One idea is to make env variables out of them and pass them into the container in the docker-compose.yml?
proof that an old dog can learn new tricks
Reply

#4
As long as the files aren't accessible from a URL you are safe. You need to have your application and system folders outside your document_root.

/application
/system
/public/index.php
/public/assets/* (js, css, img)
Reply

#5
I am glad I asked!
/opt/docker-substantiator
    /apache
    /app
        /application
            /cache
            /config
            /controllers
            /core
            .
            .
        /assets
        /css
        /images
        /js
        /system
        /uploads
        /vendor
        composer.json
        index.php
    /mysql
    /php
    docker-compose.yml
    .env


I think my document root is /app. What do I need to do?
proof that an old dog can learn new tricks
Reply

#6
You can find the information in the Docs, on what you need to change to be able to move the application and system folder.
https://codeigniter.com/user_guide/insta...index.html
Reply

#7
(10-26-2019, 01:39 AM)jreklund Wrote: You can find the information in the Docs, on what you need to change to be able to move the application and system folder.
https://codeigniter.com/user_guide/insta...index.html
On my Docker install on my laptop base url= 'http://localhost' is aok. I really only have a local install so far. 

When I finally put the whole thing up on my server, the base url will be different.  It seems to be saying to just set my view folder to point outside the application folder. That I can do and reset the $view_folder in index.php.  But right now the userid and password of the mysql sit in .env. This is ABOVE the app directory. 
/opt
    /docker-substantiator
        .env
        /app     <<<includes the /application, /system, /vendor, etc

So .env is not accessible from doc root. Is that sufficient for holding my passwords? Must /system be moved?
proof that an old dog can learn new tricks
Reply

#8
Your passwords are safe. The reason you don't want the /application and /system folders inside your /app folder is in case of a misconfigured server, where your source code can be downloaded or displayed in plain text.
Reply
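
Added example, not part of any post in this thread and not CodeIgniter's own code: a CodeIgniter 3 style `application/config/database.php` that takes the MySQL credentials from environment variables passed in by docker-compose (which reads the `.env` beside `docker-compose.yml`) and refuses to start when one is missing. The variable names `DB_HOST`, `DB_USER`, `DB_PASSWORD`, `DB_NAME`, the service name `mysql` and the helper `env_required()` are assumptions made for this sketch.

```php
<?php
// application/config/database.php (CodeIgniter 3 layout assumed; added example).
//
// docker-compose.yml, PHP service (names are assumptions for this example):
//   environment:
//     DB_HOST: mysql               # service/container name of the MySQL container
//     DB_USER: ${DB_USER}          # substituted from .env next to docker-compose.yml
//     DB_PASSWORD: ${DB_PASSWORD}
//     DB_NAME: ${DB_NAME}
//
// Assumes the PHP process inherits the container environment, so getenv() sees it.

// Guarded because CodeIgniter may include this config file more than once.
if ( ! function_exists('env_required'))
{
    /**
     * Return a required environment variable, or stop with an error.
     * The message names the variable only; the value is never echoed or logged.
     */
    function env_required($name)
    {
        $value = getenv($name);
        if ($value === FALSE || $value === '')
        {
            // Fail closed: no hard-coded fallback credential.
            throw new RuntimeException('Missing required environment variable: ' . $name);
        }
        return $value;
    }
}

$active_group = 'default';
$query_builder = TRUE;

$db['default'] = array(
    'dsn'      => '',
    'hostname' => env_required('DB_HOST'),
    'username' => env_required('DB_USER'),
    'password' => env_required('DB_PASSWORD'),
    'database' => env_required('DB_NAME'),
    'dbdriver' => 'mysqli',
    'db_debug' => FALSE,   // do not display database errors in the browser
    'char_set' => 'utf8',
    'dbcollat' => 'utf8_general_ci',
);
```

With this in place the repository holds no credentials, and `.env` should be listed in `.gitignore` and readable only by the account that runs docker-compose.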

#9
I moved the /application directory to /opt/docker-substantiator/application.
I also changed the line in index.php to:

$application_folder = '/opt/docker-substantiator/application';

When I type localhost in my browser I now get:
Your application folder path does not appear to be set correctly. Please open the following file and correct this: index.php

Any idea what went wrong?
proof that an old dog can learn new tricks
Reply

#10
Nope, I have never used Docker. And I probably never will. I don't see the need to package an application that way.

My guess is that the directory doesn't get mounted, or is just not mounted with /opt being accessible as root.

Try with ../application instead.
Reply

