Logging into a MySQL database requires credentials. I have these credentials in a PHP class called class.DBOne.php.
This is in a git repo on a server. I use push to deploy.
I want to share the repo with some contract devs, but I don't want them to have access to the credentials.
How do I mitigate this?
Are the credentials where they are supposed to be?
Here is a snippet:
<?php
// creates one instance of a database
class DBOne
{
    private $DB_USER = 'foo';
    private $DB_PASS = 'foo';
    private $DB_DRIVER = 'mysql:dbname=foo;host=localhost';
    // singleton uses static variable to ensure only 1 instance at a time
    private static $database;

    private function __construct()
    {
        $this->checkForClearDB();
        // self::checkForClearPostgres();
        try
        {
            // instantiate a database connection
            self::$database = new PDO( $this->DB_DRIVER, $this->DB_USER, $this->DB_PASS );
        }
        catch( PDOException $pdoError )
        {
            echo 'pdo connection failed: ' . $pdoError->getMessage();
        }
    }

    // checkForClearDB() and the rest of the class are not shown in the question
}
Answer 0 (score: 2)
Have a look at https://github.com/vlucas/phpdotenv
Loads environment variables from a file .env to getenv(), $_ENV and $_SERVER automagically.
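As an added example (it is not part of the answer above and not code from the phpdotenv project), here is the question's DBOne class rewritten to read its credentials from a .env file with phpdotenv. It assumes phpdotenv v5 installed through Composer, a .env file next to this script that is listed in .gitignore, and the variable names DB_DSN, DB_USER and DB_PASS; all of those are choices made for this example.

```php
<?php
// Added example: DBOne taking its credentials from .env via vlucas/phpdotenv.
// Assumptions: phpdotenv v5 via Composer, .env in the same directory as this
// file and excluded from git, variable names DB_DSN / DB_USER / DB_PASS.
require __DIR__ . '/vendor/autoload.php';

// Sample .env (constructed for this example; commit only a .env.example with
// dummy values, never the real file):
//   DB_DSN=mysql:dbname=foo;host=localhost
//   DB_USER=foo
//   DB_PASS=foo

class DBOne
{
    private static ?PDO $database = null;

    private function __construct()
    {
        // createImmutable() will not overwrite variables that already exist in
        // the environment, so a value exported by the web server or deploy
        // tooling wins over whatever is in .env.
        $dotenv = Dotenv\Dotenv::createImmutable(__DIR__);
        $dotenv->load();

        // Fail fast with a clear message if a variable is missing or empty,
        // instead of letting PDO try to connect with an empty password.
        $dotenv->required(['DB_DSN', 'DB_USER', 'DB_PASS'])->notEmpty();

        self::$database = new PDO(
            $_ENV['DB_DSN'],
            $_ENV['DB_USER'],
            $_ENV['DB_PASS'],
            [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
        );
    }

    public static function getInstance(): PDO
    {
        if (self::$database === null) {
            new self();
        }
        return self::$database;
    }
}

// No credential value appears in this file, so it can be committed and shared
// with the contract developers; each of them keeps their own local .env.
$pdo = DBOne::getInstance();
```

With createImmutable() the values land in $_ENV and $_SERVER but not in getenv(); use createUnsafeImmutable() if other code relies on getenv(). The .env file should still be readable only by the account PHP runs as.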
Answer 1 (score: 2)
Move the credentials to a separate file, and keep the content as simple as possible, essentially just variable assignments, like this:
<?php
$DB_USER = 'foo';
$DB_PASS = 'foo';
$DB_DRIVER = 'mysql:dbname=foo;host=localhost';
?>
And don't add this file in version control. Add a sample file instead, that developers should customize to their local dev database.
When you use these variables in another file, you will have to indicate that they are in the global scope using the global keyword, for example:
global $DB_USER, $DB_PASS, $DB_DRIVER;
Answer 2 (score: 1)
You should put the credentials in a separate file / folder outside of the web-root and leave it out of the repository.
What you could do, is add a mysql dump with the database structure and perhaps some test data so that the devs can setup their own environment.
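As an added example covering both Answer 1 (separate, uncommitted credentials file with a committed sample) and Answer 2 (kept outside the web root), here is a version that returns the credentials as an array from a file outside the document root, so no global keyword is needed and the file is never served even if PHP handling is misconfigured. It is not code from the question or the answers; the path /srv/app/config/db.php, the file layout and the key names are assumptions made for this example. It goes a little beyond the answers by refusing to start if the credentials file is readable by other users.

```php
<?php
// Added example: credentials in a PHP file outside the web root, returned as
// an array. Assumptions: /srv/app/config/db.php exists on the server and is
// NOT in the repository (add it to .gitignore); /srv/app/config/db.php.example
// with dummy values IS committed for the contract developers to copy.
//
// Contents of /srv/app/config/db.php (constructed for this example):
//   <?php
//   return [
//       'driver' => 'mysql:dbname=foo;host=localhost',
//       'user'   => 'foo',
//       'pass'   => 'foo',
//   ];

function loadDbConfig(string $path): array
{
    // Refuse to run with a missing or group/world-readable credentials file
    // rather than silently connecting with whatever happens to be there.
    if (!is_file($path)) {
        throw new RuntimeException("credentials file not found: $path");
    }
    $mode = fileperms($path) & 0777;
    if ($mode & 0044) {
        throw new RuntimeException(sprintf(
            'credentials file %s is readable by other users (mode %04o); chmod 600 it',
            $path,
            $mode
        ));
    }

    $config = require $path;
    foreach (['driver', 'user', 'pass'] as $key) {
        if (!is_array($config) || empty($config[$key])) {
            throw new RuntimeException("credentials file is missing '$key'");
        }
    }
    return $config;
}

class DBOne
{
    private static ?PDO $database = null;

    public static function getInstance(): PDO
    {
        if (self::$database === null) {
            $cfg = loadDbConfig('/srv/app/config/db.php');
            try {
                self::$database = new PDO(
                    $cfg['driver'],
                    $cfg['user'],
                    $cfg['pass'],
                    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
                );
            } catch (PDOException $e) {
                // Log the real reason server side. The question's snippet echoes
                // $e->getMessage() to the page, which can show visitors the DB
                // host and user name.
                error_log('DB connection failed: ' . $e->getMessage());
                throw new RuntimeException('database unavailable');
            }
        }
        return self::$database;
    }
}

$pdo = DBOne::getInstance();
```

The file should be owned by the account PHP runs as with mode 600. On a push-to-deploy setup the credentials file is written once by whoever administers the server and is untouched by the deploy, since it lives outside the checkout.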
Answer 3 (score: 1)
Check out blackbox. It uses top-notch GPG encryption to securely store credentials that can only be accessed by specific users (or build slaves).