douxian5963 2014-08-27 14:19

How to set environment variables and store them securely in Ubuntu and Windows?

I am working on an application based on laravel. I need to set my database password in the config so that laravel can use it to connect to the database.

Now I have two problems: 1) I don't want to set password for every other local environment I use. 2) I don't want to set the password in the config file because when I share the code with my team members on git, they can view my password.

I may have figured out a way around this which is to store the password in an environment variable and then use the getenv() PHP function to retrieve it in the config file. So now I can just set the environment variable in any number of environments and the code in the config file will remain the same, and also the other members won't be able to see my password.

Now I don't know how to set environment variables, and other stuff like global/local environment variables and temporary/persistent variables.

And if I am storing the password in the environment variables, should I hash these passwords? Will they be accessible to other users who log onto my machine? And if I do hash them and store them, how am I supposed to use them in the config file?

Is there a different, a more ideal way around my problem?

3 answers

  • donglian1982 2014-08-27 14:52

    Laravel Way

    Laravel uses .env.php files to solve this for you: http://laravel.com/docs/configuration#protecting-sensitive-configuration. But as you still need to set the environment in your start.php file, I prefer to do it differently:

    My Way

    I create a .environment file in my app root folder with things like:

    <?php
    
    return [
    
        'LARAVEL_ENV' => 'development',
    
        'DOMAIN' => 'myapp.com',
    
        'DEBUG_MODE' => true,
    
        'MAIN.DATABASE_HOST' => 'localhost',
        'MAIN.DATABASE_NAME' => 'databasename',
        'MAIN.DATABASE_USER' => 'myusername',
        'MAIN.DATABASE_PASSWORD' => 'basswort',
    
    ];
    

    I have a class to load the environment file:

    <?php
    
    namespace PragmaRX\Support;
    
    use Exception;
    
    class Environment {
    
        // Ensures the file is only loaded once per request.
        protected static $loaded = false;
    
        public static function load($file = null)
        {
            if ( ! static::$loaded)
            {
                if ($file === null || ! file_exists($file))
                {
                    throw new Exception('Environment file (.environment) was not set or does not exist: '.$file);
                }
    
                // The file returns an array; export every key to the process environment.
                foreach(require $file as $key => $value)
                {
                    // Store false, null and empty values as readable markers.
                    if ($value === false)
                    {
                        $value = '(false)';
                    }
                    elseif ($value === null)
                    {
                        $value = '(null)';
                    }
                    elseif (empty($value))
                    {
                        $value = '(empty)';
                    }
    
                    putenv(sprintf('%s=%s', $key, $value));
                }
    
                static::$loaded = true;
            }
        }
    
        public static function getDetectionClosure($file = null)
        {
            static::load($file);
    
            return function() { return getenv('LARAVEL_ENV'); };
        }
    }
    

    Then in my app/bootstrap/start.php I just need to load it this way:

    // Use the fully qualified name of the Environment class defined above.
    $env = $app->detectEnvironment(
        \PragmaRX\Support\Environment::getDetectionClosure(__DIR__.'/../.environment')
    );
    

    As you can see, the closure will return the current LARAVEL_ENV, stored in my .environment file. But it also will load all keys to the PHP environment, so, now, in my application I just need to:

    <?php
    
    return [
    
        'fetch' => PDO::FETCH_CLASS,
    
        'default' => 'main',
    
        'connections' => [
    
            'main' => [
                'driver'   => 'pgsql',
                'host'     => getenv('MAIN.DATABASE_HOST'),
                'database' => getenv('MAIN.DATABASE_NAME'),
                'username' => getenv('MAIN.DATABASE_USER'),
                'password' => getenv('MAIN.DATABASE_PASSWORD'),
                'charset'  => 'utf8',
                'prefix'   => '',
                'schema'   => 'public',
            ],
    
        ],
    
    ];
    

    Add the .environment file to your gitignore file and you should be safe, but you'll have to, of course, create (or copy and edit) the file every time you set up a new server.

    About Security

    Everything in your system is a file; you are protected if your files are protected. It's that simple. A VirtualHost file is a file accessible by your webserver; if someone hacks your webserver you'll have not only your .environment file exposed, but also your VirtualHost one, so IMO you're not securer using one or another.

    This answer was selected as the best answer by the asker.
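
A pre-deployment check for the answer's two safeguards (a git-ignored `.environment` file and protected file permissions), as an added example that is not part of the original answer. The function names, the `public/` web-root argument and the paths in the usage comment are assumptions; the permission check expects the file to be owned by the account PHP runs as.

```shell
#!/bin/sh
# Added example: checks for the .environment secrets file from the answer.
# Function names and the public/ web-root layout are assumptions.

# 0 if group and others have no permission bits on the file.
owner_only() {
    [ -f "$1" ] || return 2
    mode=$(ls -ld -- "$1" | cut -c5-10)   # e.g. "-rw-------" -> "------"
    [ "$mode" = "------" ]
}

# 0 if the file does not live in or below the web root directory.
outside_webroot() {
    file_dir=$(cd -- "$(dirname -- "$1")" && pwd -P) || return 2
    web_dir=$(cd -- "$2" && pwd -P) || return 2
    case "$file_dir/" in
        "$web_dir"/*) return 1 ;;
        *) return 0 ;;
    esac
}

# 0 if git ignores the file and it was never added to the index.
ignored_by_git() {
    dir=$(dirname -- "$1"); name=$(basename -- "$1")
    # A tracked file keeps being committed even when .gitignore lists it.
    if git -C "$dir" ls-files --error-unmatch -- "$name" >/dev/null 2>&1; then
        return 1
    fi
    git -C "$dir" check-ignore -q -- "$name"
}

# Runs all three checks, reports each failure, returns non-zero if any failed.
check_secret_file() {
    file=$1; webroot=$2; rc=0
    owner_only "$file" || { echo "FAIL: $file open to group/others; chmod 600"; rc=1; }
    outside_webroot "$file" "$webroot" || { echo "FAIL: $file is under $webroot"; rc=1; }
    ignored_by_git "$file" || { echo "FAIL: $file is tracked or not ignored by git"; rc=1; }
    return "$rc"
}

# Usage (constructed paths): sh check_env.sh /var/www/myapp/.environment /var/www/myapp/public
if [ "$#" -eq 2 ]; then
    check_secret_file "$1" "$2"
fi
```

If the file was committed before it was added to `.gitignore`, the password remains in the repository history and should be rotated.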