Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Is there a problem with committing my zend framework code on googlecode (specifically my config file containing db parameters). I.E., can someone hack into my db if the config file has my db credentials? id have to have my db local to the server, instead of having a db host which somoene could potentially hack into.
It may or may not lead to problems ultimately, but it is certainly a bad idea.
Set your .gitignore to ignore your config file and you can commit away without having those credentials in a public place. (Just make sure you have your config file backed up somewhere.)
Ultimately, you may want to consider making a build process that will create the appropriate config for the appropriate server. It could read the credentials from a file on your server or a protected central entity or have the user enter them or whatever. That may reduce the temptation to check in credentials without as much resultant deployment hassles.