Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Currently we are storing mysql passwords in the application.ini.
As this file is in our source code control repository (bazaar), it is not a good place for the passwords of the production server.
I was thinking about storing it in an environment variable of the apache configuration.
Is this reasonably safe?
Just make sure that apache config file is not readable by any other user than apache.
But keeping password safe is not main precaution because you can also disallow connecting to your MySQL server from outside or just limit it to certain IP’s.