how to disable .env
#1

Hi,

Is there a way to disable .env from CI4?
I think there is a library that enables this, so just knowing and deleting/disabling the function/class that reads the .env file would be sufficient?
#2

I'm on Linux, not sure about Windows; with the default install you get an "env" and, if I am correct, the system reads entries after renaming it to ".env".

The quickest way (probably) to stop .env being used would be to rename it to say "env_bk".

i.e. on Linux (permissions may have to be considered)
cd to the root of the web application and ..
$ mv .env env_bk

//that changes .env to env_bk


Personally I don't use .env anyway and prefer to just edit the PHP files.

For instance, for database settings, I edit app/Config/Database.php
Arch Book  CodeIgniter4 on Apache(pages 92-114) 
#3

Thank you for the answer, but the need is to disable someone over-riding parameters from the .env file. This means even if a .env file is present, CI4 should ignore it completely.
#4

(This post was last modified: 03-15-2021, 06:48 AM by yuma2020.)

(03-15-2021, 04:14 AM)admin0 Wrote: thank you for the answer, but the need is to disable someone over-riding parameters from the .env file .. this means even if a .env file is present, CI4 should ignore it completely.
Hello admin0, I understand your concerns, as you will see in Linux environments secure a system and make the sea safer because it is simply recognizing the need to keep it functional, it is known that many hackers use reading ".env" of the data they contain and it is known that it is a responsibility to carry security safeguards of it but in exceptional cases it can be understood that it is, how it works and what it's for.
If you are looking to disable the .env file you can do it, but in case you train sea disable it you will have to study CodeIgniter thoroughly; it is, I think, a waste of time because we only talk about a useful fun that can be applied.
Now, the picture if you want to use a security layer should consider how and why this solution is very useful.
Protecting the file is simply applying a chmod 600 enough to carry out any security parameter and is functional in both Windows and Linux and is really useful, you can also use the differentiated properties example a user different from the system and more protected from your hosting users in CASES VPS Root, in case it is a shared hosting and without pods require a lot of security.
What are the benefits of an .env?
The benefits are that .envs are simple to protect other files, so it divides the security capability and consider a criterion my criterion is an error to burn the time by applying changes to this file.
What are the benefits of versioning?
Well, .envs are simply omitted by default in a way that more efficiently divides the delicate usage parameters of database usage and prevents leaks that are a versioning repository.
Why is it better to protect an .env file in case of deleting it?
Simply because .env is a solution and through efficient it is simple to protect in Linux a professional system working on end products for production or RC of the cloud.
Is the reason for the interest in removing .env security?

If the reason is for security consider the following, I think it is a question of each administrator as it feels more comfortable, but it is known that protecting a file is simpler than making changes that between versions may exist errors or you may need the functions of the .env, beyond what options it is important to consider that you should think better ways to maintain security since applying greater security on a .env will be simpler than seeking access through other means and it's important unless you plan to leave a security breach open for hackers.
Another issue is in case of security failure you can protect the .env to prevent the server data from being leaked in case FTP versions are compromised in case of vulnerable versions.
You could also avoid many situations in case any hacker accesses your user by transfers via http insecure.
He also considers it to be one of the most successful improvements since the CodeIgniter team, it's no coincidence.

I hope you understand these reasons and in my case I would look to analyze the function env, to start learning more about the operation, but remember that I would not recommend it because of the security breaches, but if you want to do it your way because you feel free to do what you think is appropriate.
#5

The class is:
system/Config/DotEnv.php

It is called from:
system/bootstrap.php
system/Test/bootstrap.php
#6

Many thanks. Exactly what I was looking for.
Reply
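
The chmod 600 advice in post #4 and the file locations given in post #5 can be checked together before a deploy. The script below is an added example, not part of the thread and not CodeIgniter code; it assumes the bootstrap files refer to the loader by the class name DotEnv and that a loader is disabled only by whole-line PHP comments.

```shell
#!/bin/sh
# Added example (not CodeIgniter code): report whether a CI4 tree would
# still read a .env file. File locations are the ones named in the thread;
# matching the loader by the class name "DotEnv" is an assumption.

# Octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True if FILE mentions DotEnv on a line that is not a PHP comment.
# Heuristic: only whole-line //, # and * comments are skipped.
loader_active() {
    [ -f "$1" ] || return 1
    grep -Ev '^[[:space:]]*(//|#|/?\*)' "$1" | grep -q 'DotEnv'
}

# audit_dotenv ROOT
# Prints findings, returns 1 when .env exists AND a bootstrap loads it.
audit_dotenv() {
    local root="$1"
    local present=0
    local active=0
    local mode f

    for f in system/bootstrap.php system/Test/bootstrap.php; do
        if loader_active "$root/$f"; then
            echo "LOADER $f"
            active=1
        fi
    done

    if [ -e "$root/.env" ]; then
        present=1
        mode=$(file_mode "$root/.env")
        echo "PRESENT .env mode=$mode"
        # Post #4 suggests chmod 600: no bits for group or other.
        case "$mode" in
            *00) ;;
            *) echo "LOOSE_PERMS .env mode=$mode" ;;
        esac
    fi

    [ "$present" -eq 1 ] && [ "$active" -eq 1 ] && return 1
    return 0
}

if [ "$#" -gt 0 ]; then audit_dotenv "$1"; fi
```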



