PHP项目中的安全数据库密码

Question

I Have a PHP Project on Git, that have access some other developers.
The problem is.
1) Developer make changes on project and push it on server or upload it to test server.
2) Developer logins to the test or production machine to run this script. How can secure the Database Password?
If i make a config file, they can simple add an echo "" command and get the password.
Is there any solution for that? Maybe with group/user permissions in linux?

Thank you.

Answer 1

There won't be any real solution using linux security as the web server should always be able to execute the code and php also, so if you leave an ssh access to the production server they would be able to do anything they want on it.

One way to gain some security is to stop using manual login and try using a CI/CD with your git, that way you can have a full contrôle on what is executed on, at least, the production server.

That way you can leave access to the tests server, and they should always have that to be able to debug, but they can't execute anything that you did not validate before on the production server. To be sure to not have any issue, you should be the only one, or the sysadmin team should be the only one to have access to the ssh key on the CI.

That's some work to do if you start a CI from scratch and never did it but it will be worth your time when finished and you will also gain in serenity, knowing that no one can access the production without you knowing what is going to get executed on it (that will be the real pain in the ass as you will have to check everything...).