Config details should not be present in version control

aryanxorian / ecommerce-website

0 stars 0 forks source link

Config details should not be present in version control #1

Open mfsi-suryar opened 3 years ago

mfsi-suryar commented 3 years ago

https://github.com/aryanxorian/ecommerce-website/blob/54cdf603dfb492e06794f67af4c07b9fcc1d0b44/configd.php#L2

Don't push config details to version control.

DB host
DB port
DB name
DB Username
DB password

configdb.php into version control. You can add this to .gitignore` and create a new example file likeconfigdb.php.exampleinto version control. While setting up the project, you will copy this file toconfigdb.php``` and add the credentials there.

ashishkumar68 commented 3 years ago

Yep agreed! thanks @mfsi-suryar this is very important @aryanxorian @Nikkii1999 @SubhajitDas98 , please remove them from git versioning. we set these config values while deploying to different env test/staging/production, so they are different for each environment and then there is a security concern that if someone gets access to your git codebase, they might be able to access your resources which puts database, servers and other things at risk. so these need to set in a file(json/yaml/.env etc.) that you generate while deploying on servers + local environment, which should be read from your PHP script to use these values.