
Storing Database Credentials in CakePHP 3.1 app.php file

I'm putting the finishing touches on my CakePHP project (configuring final database grants, etc.) and realised something about CakePHP.

From what I can tell (unless I inadvertently changed it), CakePHP shipped with the app.php file permissions of -rw-rw-r-- (662).

Doesn't allowing anyone with access to the server the ability to see your database credentials pose a security risk?

Would it break things if I changed this to -rw-------? (600)

Totally depends on your configuration, there is no one correct way to do it, so -rw-rw-r-- aka 0664 is likely just fine. If your web server process runs under the same user that owns the files then -rw------- aka 0600 is ok. But generally, you want to ensure that the web server process does not have write permission to the files it serves. You can achieve this purely with file permissions but I prefer to make the user that runs the web server process different than the user that owns the files being served.
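
As an added example (not part of the original question or answer), this shell check works out which permission class applies to the web server user for a file such as app.php and flags the cases discussed above: web server can write, web server cannot read, and readable by every local user. The names `deploy` and `www-data`, the function names and the 0640 layout are assumptions for illustration.

```shell
#!/bin/sh
# Added example; deploy and www-data are assumed placeholder names.

# audit_mode MODE OWNER GROUP WEB_USER "WEB_GROUPS"
# Prints findings for one file as space-separated words, or "ok".
audit_mode() {
    mode=$1; owner=$2; group=$3; web_user=$4; web_groups=$5
    bits=$(( 0$mode & 0777 ))      # octal mode, special bits dropped
    other=$(( bits & 7 ))

    # The kernel applies exactly one class: owner, else group, else other.
    if [ "$web_user" = "$owner" ]; then
        web=$(( (bits >> 6) & 7 ))
    else
        web=$other
        for g in $web_groups; do
            if [ "$g" = "$group" ]; then web=$(( (bits >> 3) & 7 )); fi
        done
    fi

    findings=""
    if [ $(( web & 2 )) -ne 0 ]; then findings="web-writable"; fi
    if [ $(( web & 4 )) -eq 0 ]; then findings="${findings:+$findings }web-unreadable"; fi
    if [ $(( other & 4 )) -ne 0 ]; then findings="${findings:+$findings }world-readable"; fi
    echo "${findings:-ok}"
}

# audit_file FILE WEB_USER: the same check against a real file.
# Assumes GNU coreutils stat (-c); BSD stat takes -f instead.
audit_file() {
    info=$(stat -c '%a %U %G' "$1") || return 2
    wg=$(id -Gn "$2") || return 2
    # $info is deliberately unquoted: it splits into mode, owner, group.
    audit_mode $info "$2" "$wg"
}

# Constructed cases (no real files involved):
audit_mode 664 deploy   deploy   www-data "www-data"  # world-readable
audit_mode 600 www-data www-data www-data "www-data"  # web-writable
audit_mode 600 deploy   deploy   www-data "www-data"  # web-unreadable
audit_mode 640 deploy   www-data www-data "www-data"  # ok
```

The check looks only at the classic mode bits; POSIX ACLs on the file are not considered.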
