What sensitive information in a PHP program should you pay attention to?

Source: Internet
Author: User
    <?php
    // Configuration file with the credentials stored directly in the code.
    return array(
        'database' => array(
            'host'     => '192.168.0.1',
            'user'     => 'administrator',
            'password' => 'e1bfd762321e409cee4ac0b6e841963c',
        ),
    );

Sometimes, for reasons such as code review or collaborative development, a third party needs read access to the version-control repository. Once that access is granted, the database address, user name, password and other sensitive information in the configuration file are exposed. Of course, you could keep the configuration file out of the repository and write a document explaining how to create it instead, but I do not like this method, because the code is then incomplete on its own.

How can this problem be solved? The most straightforward approach is to take the sensitive information out of the code and store it somewhere else. Where should it be stored? There are many options, for example setting it through Nginx's fastcgi_param:

    <?php
    // The same configuration file, now reading the credentials from the
    // FastCGI parameters that Nginx (or PHP-FPM) passes in via $_SERVER.
    return array(
        'database' => array(
            'host'     => $_SERVER['DATABASE_HOST'],
            'user'     => $_SERVER['DATABASE_USERNAME'],
            'password' => $_SERVER['DATABASE_PASSWORD'],
        ),
    );

Alternatively, PHP-FPM's env directive can be used to set it:

    env[DATABASE_HOST] = 192.168.0.1
    env[DATABASE_USERNAME] = administrator
    env[DATABASE_PASSWORD] = e1bfd762321e409cee4ac0b6e841963c

One thing to note: this setting must be placed in the main configuration file, php-fpm.conf, and cannot be placed in a sub-configuration file pulled in via the include directive; otherwise it fails with the error "array is not allowed in the global section". Another point: although the value is set via env, it still ends up in $_SERVER, not $_ENV.

Note: @Laruence reminds me that if the configuration information is set through Nginx's fastcgi_param, the parameters are sent to PHP every time Nginx hands over a request, which adds a lot of data transfer (so setting it through PHP-FPM's env seems to have the relative advantage). Brother Bird suggests using a separate extension, such as "hidef".

Solving the problem with Nginx or PHP-FPM configuration files has one disadvantage: it only works for the web. If the program is run from the command line, the relevant information cannot be obtained from $_SERVER. This is not hard to fix, though: just write a small script that parses the Nginx or PHP-FPM configuration file and maps this information into the command-line environment; I leave the details to the reader.
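One way to do that mapping for the PHP-FPM variant, as an added example that is not part of the original post: a loader that reads the env[...] entries from php-fpm.conf into $_SERVER so the configuration file above also works under the CLI. The function name, the conf fragment and the key names are my assumptions.

```php
<?php
// Added example (not from the original post): load env[NAME] = value lines
// from php-fpm.conf into $_SERVER, which is where PHP-FPM itself puts them,
// so a config file that reads $_SERVER['DATABASE_*'] works from the CLI too.

function load_fpm_env(string $conf_path): array
{
    $content = @file_get_contents($conf_path);
    if ($content === false) {
        throw new RuntimeException("cannot read $conf_path");
    }
    $loaded = array();
    foreach (preg_split('/\r?\n/', $content) as $line) {
        $line = trim($line);
        // skip blank lines and comments
        if ($line === '' || $line[0] === ';' || $line[0] === '#') {
            continue;
        }
        // match env[NAME] = value (the value may be quoted)
        if (preg_match('/^env\[([A-Za-z_][A-Za-z0-9_]*)\]\s*=\s*(.*)$/', $line, $m)) {
            $name  = $m[1];
            $value = trim($m[2], " \t\"'");
            $_SERVER[$name] = $value;   // same place PHP-FPM exposes it
            $loaded[] = $name;
        }
    }
    return $loaded;
}

// Constructed sample php-fpm.conf fragment (not real credentials), written to
// a temp file so the example runs offline; in practice pass the real path.
$tmp = tempnam(sys_get_temp_dir(), 'fpm');
file_put_contents($tmp, "[www]\n; constructed sample\n"
    . "env[DATABASE_HOST] = 192.168.0.1\n"
    . "env[DATABASE_USERNAME] = administrator\n"
    . "env[DATABASE_PASSWORD] = e1bfd762321e409cee4ac0b6e841963c\n");

if (PHP_SAPI === 'cli') {   // under PHP-FPM the values are already present
    $names = load_fpm_env($tmp);
    echo "loaded: " . implode(', ', $names) . "\n";   // names only, never values
}
unlink($tmp);

// The configuration file from the post now resolves under the CLI as well.
$config = array('database' => array(
    'host'     => $_SERVER['DATABASE_HOST'],
    'user'     => $_SERVER['DATABASE_USERNAME'],
    'password' => $_SERVER['DATABASE_PASSWORD'],
));
echo "connecting to {$config['database']['host']} as {$config['database']['user']}\n";
```

The loader only needs read access to php-fpm.conf, so that file can stay restricted to the account that runs the command-line jobs.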

What remains is ensuring the security of the Nginx or PHP-FPM configuration files themselves. Compared with the code, however, far fewer people need permissions on those files, so they are relatively easier to manage.
