CodeIgniter Forums

Full Version: proper place to keep userid and password for mysql
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
Where should I keep the userid and password? Should they be put in a .env file? Right now I have the userid and password hard coded into database.php. That can't be right? Where should I keep those fields
Thanks Insite. Lots of good info in there. It would take me a year or longer to do all the things it mentions. I guess the goal would be to pick the 5 most important ones, and fix those. What are the five most important?

Anyway, I am in the middle of Dockerizing my app and have mysql in separate container from the php 7.2. So clearly I will need to modify the way my app logs in to mysql, such as using the container name. But since I am touching this part of the code, I figured it is a good time to take my userid/password out of the code and place it somewhere more secure.

Perhaps this is a question for the Docker people? One idea is to make env variables out of them and pass them into the container in the docker-compose.yml?
As long as the files aren't accessible from a URL you are safe. You need to have your application, system folders outside your document_root.

/public/assets/* (js, css, img)
I am glad I asked!

I think my document root is /app. What do I need to do?
You can find the information in the Docs, on what you need to change to be able to move the application and system folder.
(10-26-2019, 01:39 AM)jreklund Wrote: [ -> ]You can find the information in the Docs, on what you need to change to be able to move the application and system folder.
On my Docker install on my laptop base url= 'http://localhost' is aok. I really only have a local install so far. 

When I finally put the whole thing up on my server, the base url will be different.  It seems to be saying to just set my view folder to point outside the application folder. That I can do and reset the $view_folder in index.php.  But right now the userid and password of the mysql sit in .env. This is ABOVE the app directory. 
        /app     <<<includes the /application, /system, /vendor, etc

So .env is not accessible from doc root. Is that sufficient for holding my passwords? Must /system be moved?
Your password are safe. The reason for that you don't want /application and /system folder inside your /app folder are in case of a miss-configured server and your source code can be downloaded or displayed in plain text.
I moved the /application directory to /opt/docker-substantiator/application.
I also changed the line in index.php to:

$application_folder = '/opt/docker-substantiator/application';

When I type localhost in my browser I now get:
Your application folder path does not appear to be set correctly. Please open the following file and correct this: index.php

Any idea what went wrong?
Nope, I have never used Docker. And I probably never will. I don't see the need to package a application that way.

My guess are that directory don't get mounted, or just not mounted with /opt being accessible as root.

Try with ../application instead.
Pages: 1 2