Hiding sensitive information in a PHP program

Source: Internet
Author: User
Tags: fpm, phpinfo


The simple point is that you do not want others to learn details such as the database address, username and password; the fewer people who know such information, the better.

Typically, the configuration file in a PHP program looks roughly like this:

The code is as follows:

<?php

// config.php: the secrets sit in the source tree, next to the code.
return array(
    'database' => array(
        'host'     => '192.168.0.1',
        'user'     => 'administrator',
        'password' => 'e1bfd762321e409cee4ac0b6e841963c',
    ),
);

Sometimes, for reasons such as code review or joint development, a third party needs read access to the code repository. Once that access is granted, the database address, username, password and other sensitive information are exposed. You could of course keep the configuration file out of the repository and describe it in a separate document instead, but I don't like that approach: the code itself then becomes incomplete.

How do we solve this? The most direct way is to remove the sensitive information from the code and store it somewhere else. Where exactly? There are several options. One is the Nginx fastcgi_param directive, set in the location block that hands requests to PHP-FPM alongside the other fastcgi_param lines:

The code is as follows:

fastcgi_param DATABASE_HOST     192.168.0.1;
fastcgi_param DATABASE_USERNAME administrator;
fastcgi_param DATABASE_PASSWORD e1bfd762321e409cee4ac0b6e841963c;

The parameter names are passed to PHP verbatim and are case-sensitive, so they must match the keys the code looks up in $_SERVER exactly.


After this mapping, the code no longer contains the sensitive values directly:

The code is as follows:

<?php

// config.php: only the names of the parameters live in the source tree;
// the values are injected by Nginx (or PHP-FPM) at request time.
return array(
    'database' => array(
        'host'     => $_SERVER['DATABASE_HOST'],
        'user'     => $_SERVER['DATABASE_USERNAME'],
        'password' => $_SERVER['DATABASE_PASSWORD'],
    ),
);

Alternatively, you can use the PHP-FPM env directive:

The code is as follows:

[www]
env[DATABASE_HOST]     = 192.168.0.1
env[DATABASE_USERNAME] = administrator
env[DATABASE_PASSWORD] = e1bfd762321e409cee4ac0b6e841963c

Two points to note. First, env[] is a pool directive: it must sit under a pool section header such as [www], whether that section is in php-fpm.conf itself or in a file pulled in by its include directive. If it ends up in the [global] section, PHP-FPM refuses to start with the error "array are not allowed in the global section". Second, although the values are set through env, they arrive in $_SERVER (and via getenv()), not in $_ENV, because the default variables_order of "GPCS" does not populate $_ENV.

Note: @Laruence (Brother Bird) reminded me that when configuration is passed through Nginx fastcgi_param, the values are sent from Nginx to PHP-FPM on every request, which adds data transfer per request; in that respect the PHP-FPM env approach has an advantage. He suggested using a dedicated extension to solve the problem instead, such as hidef, which defines PHP constants from a configuration file when PHP starts.

The problem with both the Nginx and the PHP-FPM approach is that they only apply to web requests: when the same code is run from the command line, the values are not present in $_SERVER. That is not a big deal, though. A small helper script that reads the Nginx or PHP-FPM configuration file can export the same variables into the command-line environment before the PHP script runs; how to do that is left to the reader.
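As an added example (not code from the original post), here is a POSIX shell helper that does that mapping: it reads the fastcgi_param lines from an Nginx config, or the env[] lines from a PHP-FPM pool file, and prints export statements that can be eval'ed before running the PHP CLI. The file paths and variable names it is run against are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Converts the directives that
# carry the secrets in an Nginx config (fastcgi_param NAME VALUE;) or a
# PHP-FPM pool file (env[NAME] = VALUE) into `export NAME='VALUE'` lines, so
# the same variables reach $_SERVER when the PHP code is run from the CLI.
# Paths and variable names used here are illustrative assumptions.

# Usage: config_to_exports FILE
# Prints one export statement per matching directive to stdout.
# Values are taken as a single unquoted token; quoted values containing
# whitespace are out of scope for this helper.
config_to_exports() {
    file="$1"
    [ -r "$file" ] || { echo "config_to_exports: cannot read $file" >&2; return 1; }

    # Drop full-line comments ("#" for Nginx, ";" for ini) and blank lines,
    # then normalise both syntaxes to "NAME VALUE".
    sed -e '/^[[:space:]]*[#;]/d' -e '/^[[:space:]]*$/d' "$file" |
    awk '
        # Nginx: fastcgi_param NAME VALUE;   (strip the trailing semicolon)
        $1 == "fastcgi_param" && NF >= 3 {
            v = $3; sub(/;$/, "", v); print $2, v; next
        }
        # PHP-FPM: env[NAME] = VALUE   (spaces around "=" as in the stock www.conf)
        $1 ~ /^env\[[A-Za-z_][A-Za-z0-9_]*\]$/ && $2 == "=" && NF >= 3 {
            n = $1; sub(/^env\[/, "", n); sub(/\]$/, "", n); print n, $3; next
        }
    ' |
    while read -r name value; do
        # Refuse anything that is not a valid shell identifier, so the output
        # can be passed to eval without a directive name injecting commands.
        case "$name" in
            *[!A-Za-z0-9_]* | [0-9]*) echo "config_to_exports: skipping $name" >&2; continue ;;
        esac
        # Single-quote the value, escaping embedded single quotes as '\''.
        esc=$(printf '%s' "$value" | sed "s/'/'\\\\''/g")
        printf "export %s='%s'\n" "$name" "$esc"
    done
}
```

Typical use is `eval "$(config_to_exports /etc/php-fpm.d/www.conf)" && php bin/job.php` (paths assumed). The CLI SAPI copies the process environment into $_SERVER, so the same `$_SERVER['DATABASE_HOST']` lookup the web code uses works unchanged. Values are single-quoted on output, so a `$HOSTNAME`-style reference in a pool file is exported literally rather than expanded.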

The code is now clean; what remains is keeping the Nginx or PHP-FPM configuration file secure. Compared with the code, far fewer people need permission to read these files, so they are relatively easier to manage.

There is also one important function that everyone must pay attention to: phpinfo(). If phpinfo() can be displayed normally, we can


Details
phpinfo() discloses, among other things, the following information:
* PHP version (exact version information, including build version)
* System version information (exact version information, including build version)
* Extension directory (PHP directory)
* SMTP server information
* sendmail path (if sendmail is installed)
* POSIX version information
* Database:
  * ODBC settings (including the path, database name, default password, etc.)
  * MySQL client version information (exact version information, including build version)
  * Oracle version information and the path to the library
* Actual file system paths
* Web server:
  * IIS version information
  * Apache version information
* If running under Win32:
  * Computer name
  * Location of the Windows directory
  * PATH (can be used to infer installed software)

Example:
Access a URL similar to the following:
http://www.example.com/PHP/phpinfo.php
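As an added example (not code from the original post), the shell functions below audit a php.ini for the two directives that bound what phpinfo() can reveal: disable_functions, which should list phpinfo so the function cannot run at all, and expose_php, which otherwise advertises the PHP version in the X-Powered-By response header. Both are real php.ini directives; the ini paths, the findings text and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post. Audits a php.ini for the
# two directives that bound what phpinfo() can leak. Both are real php.ini
# directives; the findings text and the ini paths are this example's own.

# Usage: ini_get_directive INI NAME
# Prints the effective value of NAME (last uncommented assignment wins, as
# PHP's ini parser does). Exit status 1 when NAME is not assigned at all, so
# callers can tell "unset" from "set to an empty value".
ini_get_directive() {
    awk -v d="$2" '
        BEGIN { found = 0; v = "" }
        /^[[:space:]]*;/ { next }                      # ";" starts a comment
        $0 ~ ("^[[:space:]]*" d "[[:space:]]*=") {
            v = $0
            sub("^[[:space:]]*" d "[[:space:]]*=[[:space:]]*", "", v)
            sub(/[[:space:]]*;.*$/, "", v)             # trailing comment
            sub(/[[:space:]]+$/, "", v)
            found = 1
        }
        END { if (found) print v; exit (found ? 0 : 1) }
    ' "$1"
}

# Usage: phpinfo_exposure_check INI
# Prints one finding per line; exit status is the number of findings (0 = clean).
phpinfo_exposure_check() {
    ini="$1"; findings=0

    # expose_php defaults to On, which advertises the PHP version in the
    # X-Powered-By response header on every request.
    if expose=$(ini_get_directive "$ini" expose_php); then
        case "$(printf '%s' "$expose" | tr '[:upper:]' '[:lower:]')" in
            off|0|false|no|none|"") ;;
            *) echo "expose_php = $expose: PHP version is advertised in X-Powered-By"
               findings=$((findings + 1)) ;;
        esac
    else
        echo "expose_php is not set; the built-in default is On"
        findings=$((findings + 1))
    fi

    # disable_functions is a comma-separated list; phpinfo must be in it.
    disabled=$(ini_get_directive "$ini" disable_functions) || disabled=""
    if ! printf '%s' "$disabled" | tr ',' '\n' \
         | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -qix phpinfo; then
        echo "phpinfo is not listed in disable_functions (currently: '${disabled}')"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Run it as `phpinfo_exposure_check /etc/php.ini` (path assumed); a non-zero exit means at least one finding was printed. Disabling the function is the durable fix, because it also covers a phpinfo.php file that is forgotten in the document root, whereas deleting the file only covers that one copy.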

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud.