munsiem

I have the file that stores the database connections private - basically the whole framework is sunk except for the public facing files (all models, controllers, views, and sensitive information have been removed from the htdocs). I was just curious if I had stored the database connection using an environment variable if that would be some kind of security issue. The main reason I ask is because earlier I did a phpinfo() and bam there was my database connection lol. I know of course that you wouldn't want to display phpinfo() to not let people know about your settings, but I just wanted to make sure that this wouldn't be as easily accessible anywhere else. I too believe that as long as you hide your sensitive information you would be safe, but I wanted to make sure that this environment variable wasn't going to be a major risk when storing my connections.

<?php $user = "KingPhilip"; $you = "user"; echo("Hello " . $$you . "!");

Hey everyone, my name is Mike. I enjoy writing frameworks, breaking standards, and simplicity. I have joined this forum a few years back when I started PHP and have officially came back to start using this service again. I forgot how awesome and informative this was so here I am years later. This is just an informative greeting, cheers to everyone on here!

I am talking more about putenv. What I thought about doing is basically hiding the DB information by storing the info into an environment variable, like the following: $_ENV['database'] = array("connection" => array("username" => "root", "password" => "password", "hostspec" => "localhost", "database" => "database")); I thought it might be an interesting idea to hide the sensitive information a bit better, but what do you think?

I am by no means a security expert, but I would like to know if storing MySQL database information in an environment variable would be a good or bad idea. What are your thoughts?

Hey everyone, I have a question (it's a crazy one) and am hoping to hear some feedback on what I have been developing. Many common MVC frameworks require you to place your website in the root directory of your htdocs folder. If you wanted to add another website (example being maybe a mobile version), you would have to create a sub domain or use clever naming conventions in the controllers and views. I wanted to try and create a way in which I did not have to create a sub domain each time I wanted to create a new site - rather simply just create a new folder and the framework reside and hold multiple applications. So, the biggest issue is handling the paths of images and front end scripts. Every application has its very own public folder. Before I was used to having everything absolute so you would see: /app/default/public/img/tedd.jpg Well when you have multiple sites and applications you end up seeing this: /site1/app/default/public/img/test.jpg /site1/app2/default/public/img/test.jpg Now when you upload that to your server you are going to have to change the paths of all the images and scripts (because surely you wouldn't want to have to create site1 on your server if it's the only site there). Well I decided to test out an interesting way to access the applications public folder by modifying the htaccess folder. So now instead of writing out this absolute path, I would simply say: _public/img/test.jpg And that would reference the public folder of the application of which you are viewing. I did this so I could have multiple websites on my server without having to create a subdomain each time (especially since mine limits me - shared hosting lol). That's the basic concept and it's achieved by using the <BASE> tag and getting the directory of which the index.php file lyes in (making this the new root folder). Do you think this is overkill or perhaps something quite interesting? Just wondering because sometimes as a developer you will come across some really crazy ideas and they can either be completely innovative or simply overkill. Here's an example of what I had to do in the .htaccess file: ### CSS RULES ### RewriteRule ^(.*)/_public/css/_public/(.*)$ apps/$1/_public/$2 [L] RewriteRule ^(.*)_public/css/_public/(.*)$ apps/_default/_public/$2 [L] ### REGULAR RULES ### RewriteRule ^(.*)/_public/(.*)$ apps/$1/_public/$2 [L] RewriteRule ^_public/(.*)$ apps/_default/_public/$1 [L] RewriteRule ^(.*)/vendors/(.*)$ vendors/$2 [L] Thanks and any advice would be nice. Keep in mind my main goal is to have multiple sites in a directory without having to create a subdomain each time. Thanks!