| data in .ENV on risk? Security best practices |
(08-16-2024, 04:28 AM)FlavioSuar Wrote: I think the .ENV file is just for use on local development environment... No, you should not set e.g., database passwords in the config files. Because config files are a part of an app source code that is shared with developers. So secrets for production should not set in config files, should be set in environment variable or some other places. But you could set environment variables with apache/nginx config. See https://codeigniter.com/user_guide/gener...tml#apache |
| Messages In This Thread |
|
data in .ENV on risk? Security best practices - by JanFromHamburg - 08-16-2024, 01:02 AM
RE: data in .ENV on risk? Security best practices - by FlavioSuar - 08-16-2024, 04:28 AM
RE: data in .ENV on risk? Security best practices - by kenjis - 08-17-2024, 07:15 PM
RE: data in .ENV on risk? Security best practices - by kenjis - 08-17-2024, 07:08 PM
|
