douxian5963 2014-08-27 14:19
Views: 79
Accepted

How to set environment variables in Ubuntu and Windows and store them securely?

I am working on an application based on laravel. I need to set my database password in the config so that laravel can use it to connect to the database.

Now I have two problems: 1) I don't want to set password for every other local environment I use. 2) I don't want to set the password in the config file because when I share the code with my team members on git, they can view my password.

I may have figured out a way around this which is to store the password in an environment variable and then use the getenv() PHP function to retrieve it in the config file. So now I can just set the environment variable in any number of environments and the code in the config file will remain the same, and also the other members won't be able to see my password.

Now I don't know how to set environment variables, and other stuff like global/local environment variables and temporary/persistent variables.

And if I am storing the password in the environment variables, should I hash these passwords? Will they be accessible to other users who log onto my machine? And if I do hash them and store them, how am I supposed to use them in the config file?

Is there a different, a more ideal way around my problem?

3 answers

  • donglian1982 2014-08-27 14:52

    Laravel Way

    Laravel uses .env.php files to solve this for you: http://laravel.com/docs/configuration#protecting-sensitive-configuration. But as you still need to set the environment in your start.php file, I prefer to do it differently:

    My Way

    I create a .environment file in my app root folder with things like:

    <?php
    
    return [
    
        'LARAVEL_ENV' => 'development',
    
        'DOMAIN' => 'myapp.com',
    
        'DEBUG_MODE' => true,
    
        'MAIN.DATABASE_HOST' => 'localhost',
        'MAIN.DATABASE_NAME' => 'databasename',
        'MAIN.DATABASE_USER' => 'myusername',
        'MAIN.DATABASE_PASSWORD' => 'basswort',
    
    ];
    

    I have a class to load the environment file:

    <?php
    
    namespace PragmaRX\Support;
    
    use Exception;
    
    class Environment {
    
        protected static $loaded = false;
    
        public static function load($file = null)
        {
            if ( ! static::$loaded)
            {
                if ( ! file_exists($file))
                {
                    throw new Exception('Environment file (.environment) was not set or does not exist: '.$file);
                }
    
                foreach(require $file as $key => $value)
                {
                    if ($value === false)
                    {
                        $value = '(false)';
                    }
                    else
                    if ($value === null)
                    {
                        $value = '(null)';
                    }
                    else
                    if (empty($value))
                    {
                        $value = '(empty)';
                    }
    
                    putenv(sprintf('%s=%s', $key, $value));
                }
    
                static::$loaded = true;
            }
        }
    
        public static function getDetectionClosure($file = null)
        {
            static::load($file);
    
            return function() { return getenv('LARAVEL_ENV'); };
        }
    }
    

    Then in my app/bootstrap/start.php I just need to load it this way:

    // Use the fully qualified name of the Environment class defined above.
    $env = $app->detectEnvironment(
        \PragmaRX\Support\Environment::getDetectionClosure(__DIR__.'/../.environment')
    );
    

    As you can see, the closure will return the current LARAVEL_ENV, stored in my .environment file. But it also will load all keys to the PHP environment, so, now, in my application I just need to

    <?php
    
    return [
    
        'fetch' => PDO::FETCH_CLASS,
    
        'default' => 'main',
    
        'connections' => [
    
            'main' => [
                'driver'   => 'pgsql',
                'host'     => getenv('MAIN.DATABASE_HOST'),
                'database' => getenv('MAIN.DATABASE_NAME'),
                'username' => getenv('MAIN.DATABASE_USER'),
                'password' => getenv('MAIN.DATABASE_PASSWORD'),
                'charset'  => 'utf8',
                'prefix'   => '',
                'schema'   => 'public',
            ],
    
        ],
    
    ];
    

    Add the .environment file to your gitignore file and you should be safe, but you'll have to, of course, create (or copy and edit) the file every time you set a new server.

    About Security

    Everything in your system is a file, you are protected if your files are protected. It's that simple. A VirtualHost file is a file accessible by your webserver, if someone hacks your webserver you'll have not only your .environment file exposed, but also your VirtualHost one, so IMO you're not securer using one or another.

    This answer was selected as the best answer by the question's author.
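
The accepted answer relies on two safeguards: `.environment` stays out of git, and the file itself is protected. The shell function below checks both before a deploy. It is an added example, not part of the original answer; the name `check_secret_file` is hypothetical, it assumes GNU `stat` as shipped on Ubuntu, and its `.gitignore` test is a simplified exact-line match rather than full gitignore pattern matching.

```shell
#!/bin/sh
# Added example (not from the original answer): audit a secrets file such as
# the .environment file described above.
# Usage: check_secret_file /path/to/app .environment
# Returns 0 when no finding is reported, 1 on findings, 2 if the file is missing.

check_secret_file() {
    dir=$1
    name=$2
    path="$dir/$name"
    findings=0

    if [ ! -f "$path" ]; then
        echo "MISSING: $path"
        return 2
    fi

    # Octal permission bits, e.g. 600 or 644 (GNU stat syntax).
    mode=$(stat -c '%a' "$path")

    # Any group/other bit set means other local accounts may read or
    # modify the database password stored in the file.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "PERMS: $path has mode $mode; restrict it with: chmod 600 $path"
        findings=$((findings + 1))
    fi

    # Simplified check (assumption): the file name appears on its own line
    # in .gitignore, either as "name" or "/name".
    if ! grep -qxF -e "$name" -e "/$name" "$dir/.gitignore" 2>/dev/null; then
        echo "GIT: $name is not listed in $dir/.gitignore"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

The file must remain readable by the account the web server runs as, so on a server set its owner to that account before restricting the mode.
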