Hacker News new | ask | show | jobs
by highwind81 5573 days ago
Yeah, my solution is to have a separate config file too but have a config file solely for password and never check that file into the repository.

Of course whenever someone does a fresh pull of the project, that is one file that they'd have to create for themselves. (So this is documented very clearly.)

It's minor inconvenience but it solves the problems like this.
2 comments
jcstauffer 5573 days ago
Our solution is to store environment-specific config data (such as DB name, username, password, etc.) in the Apache config:

SetEnv DB_USER=kermit SetEnv DB_PASS=Shhh

And then connect to the DB using code such as:

mysql_connect(getenv('DB_NAME'), getenv('DB_USER'), getenv('DB_PASS'))

Environmental config data should never be stored in source code.

link
nbpoole 5573 days ago
Until someone types i?php when when creating the file ;)

Edit: Unless of course you're using YAML or some other representation rather than a pure PHP file.

link