douxian5963 2014-08-27 14:19

How to set environment variables in Ubuntu and Windows and store them securely?

I am working on an application based on laravel. I need to set my database password in the config so that laravel can use it to connect to the database.

Now I have two problems: 1) I don't want to set password for every other local environment I use. 2) I don't want to set the password in the config file because when I share the code with my team members on git, they can view my password.

I may have figured out a way around this which is to store the password in an environment variable and then use the getenv() PHP function to retrieve it in the config file. So now I can just set the environment variable in any number of environments and the code in the config file will remain the same, and also the other members won't be able to see my password.

Now I don't know how to set environment variables, and other stuff like global/local environment variables and temporary/persistent variables.

And if I am storing the password in the environment variables, should I hash these passwords? Will they be accessible to other users who log onto my machine? And if I do hash them and store them, how am I supposed to use them in the config file?

Is there a different, a more ideal way around my problem?


3 answers

  • donglian1982 2014-08-27 14:52

    Laravel Way

    Laravel uses .env.php files to solve this for you: http://laravel.com/docs/configuration#protecting-sensitive-configuration. But as you still need to set the environment in your start.php file, I prefer to do it differently:

    My Way

    I create a .environment file in my app root folder with things like:

    <?php
    
    return [
    
        'LARAVEL_ENV' => 'development',
    
        'DOMAIN' => 'myapp.com',
    
        'DEBUG_MODE' => true,
    
        'MAIN.DATABASE_HOST' => 'localhost',
        'MAIN.DATABASE_NAME' => 'databasename',
        'MAIN.DATABASE_USER' => 'myusername',
        'MAIN.DATABASE_PASSWORD' => 'basswort',
    
    ];
    

    I have a class to load the environment file:

    <?php
    
    namespace PragmaRX\Support;
    
    use Exception;
    
    class Environment {
    
        protected static $loaded = false;
    
        public static function load($file = null)
        {
            if ( ! static::$loaded)
            {
                if ( ! file_exists($file))
                {
                    throw new Exception('Environment file (.environment) was not set or does not exist: '.$file);
                }
    
                foreach(require $file as $key => $value)
                {
                    if ($value === false)
                    {
                        $value = '(false)';
                    }
                    else
                    if ($value === null)
                    {
                        $value = '(null)';
                    }
                    else
                    if (empty($value))
                    {
                        $value = '(empty)';
                    }
    
                    putenv(sprintf('%s=%s', $key, $value));
                }
    
                static::$loaded = true;
            }
        }
    
        public static function getDetectionClosure($file = null)
        {
            static::load($file);
    
            return function() { return getenv('LARAVEL_ENV'); };
        }
    }
    

    Then in my app/bootstrap/start.php I just need to load it this way:

    $env = $app->detectEnvironment(
        \PragmaRX\Support\Environment::getDetectionClosure(__DIR__.'/../.environment')
    );
    

    As you can see, the closure will return the current LARAVEL_ENV, stored in my .environment file. But it also will load all keys to the PHP environment, so, now, in my application I just need to

    <?php
    
    return [
    
        'fetch' => PDO::FETCH_CLASS,
    
        'default' => 'main',
    
        'connections' => [
    
            'main' => [
                'driver'   => 'pgsql',
                'host'     => getenv('MAIN.DATABASE_HOST'),
                'database' => getenv('MAIN.DATABASE_NAME'),
                'username' => getenv('MAIN.DATABASE_USER'),
                'password' => getenv('MAIN.DATABASE_PASSWORD'),
                'charset'  => 'utf8',
                'prefix'   => '',
                'schema'   => 'public',
            ],
    
        ],
    
    ];
    

    Add the .environment file to your gitignore file and you should be safe, but you'll have to, of course, create (or copy and edit) the file every time you set a new server.

    About Security

    Everything in your system is a file, you are protected if your files are protected. It's that simple. A VirtualHost file is a file accessible by your webserver, if someone hacks your webserver you'll have not only your .environment file exposed, but also your VirtualHost one, so IMO you're not securer using one or another.

    This answer was selected by the asker as the best answer.
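
The answer's two safeguards, keeping .environment out of git and relying on file protection, can be checked mechanically before each deploy. The script below is an added example, not part of the original answer; it assumes GNU stat as shipped on Ubuntu and git on the PATH, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the answer): audit the .environment secrets file.
# Assumes GNU stat as shipped on Ubuntu; function names are hypothetical.

# 0 when FILE has no group/other permission bits (600, 400, ...).
env_file_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# 0 when FILE is ignored by git and not tracked; 3 when there is no work tree.
env_file_is_untracked() {
    dir=$(dirname "$1"); name=$(basename "$1")
    git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 3
    # A file committed before the ignore rule existed stays tracked.
    if git -C "$dir" ls-files --error-unmatch -- "$name" >/dev/null 2>&1; then
        return 1
    fi
    git -C "$dir" check-ignore -q -- "$name"
}

# Run both checks; 0 = clean, 1 = at least one finding, 2 = file missing.
audit_env_file() {
    file=$1; findings=0
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    if ! env_file_is_private "$file"; then
        echo "FAIL: $file is accessible to group/other (chmod 600 it)" >&2
        findings=1
    fi
    rc=0; env_file_is_untracked "$file" || rc=$?
    case $rc in
        0) ;;
        3) echo "NOTE: $file is not inside a git work tree" >&2 ;;
        *) echo "FAIL: $file is tracked by git or not ignored" >&2; findings=1 ;;
    esac
    return $findings
}

# Stand-alone use: sh audit.sh /path/to/app/.environment
if [ "$#" -gt 0 ]; then
    audit_env_file "$1"
fi
```

A file that was committed before the ignore rule was added still fails the second check; removing it from the index (`git rm --cached .environment`) does not erase it from history, so the password it held should be rotated.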