duanjiao7440 2015-03-19 12:16
浏览 15

将数据库密码放在$ _SERVER中是否安全?

I am learning Symfony2, and if i refer to The Symfony CookBook (http://symfony.com/doc/current/cookbook/configuration/external_parameters.html) they tell us to put sensitive options (like database password and user) outside of Symfony.

It is safe to put that informations on $_SERVER ?

SetEnv          SYMFONY__DATABASE__USER user
SetEnv          SYMFONY__DATABASE__PASSWORD password

If yes (or no), why?

Thanks you in advance

  • 写回答

1条回答 默认 最新

  • douhanshu5517 2015-03-19 14:48
    关注

    Every PaaS platform (elasticbeanstalk, heroku, etc..) uses Environment Variables (in php accessible via $_SERVER and getenv function). IMO if you disable phpinfo function in production (because everybody loves to create file info.php in root dir;]) it's a pretty safe place to hold password.

    评论

报告相同问题?

悬赏问题

  • ¥20 基于MSP430f5529的MPU6050驱动,求出欧拉角
  • ¥20 Java-Oj-桌布的计算
  • ¥15 powerbuilder中的datawindow数据整合到新的DataWindow
  • ¥20 有人知道这种图怎么画吗?
  • ¥15 pyqt6如何引用qrc文件加载里面的的资源
  • ¥15 安卓JNI项目使用lua上的问题
  • ¥20 RL+GNN解决人员排班问题时梯度消失
  • ¥60 要数控稳压电源测试数据
  • ¥15 能帮我写下这个编程吗
  • ¥15 ikuai客户端l2tp协议链接报终止15信号和无法将p.p.p6转换为我的l2tp线路