Schwaitz Schwaitz - 3 months ago 8
Git Question

What is the best way to hide database login information for public collaboration on GitHub?

So I have plans to work on a website with some people that I do not know, on GitHub. For websites that I have created in the past, I have stored my credentials in a file called db-const.php, and included them when needed.

The problem that I am having is, the host that the website will on is not the same host as my mySQL database, so I cannot simply use localhost-only credentials. I would perfer to not have to censor my credientials every time I commit.

My idea so far is to create a php file on my host that delivers the data in a hashed format when called for, which is then unhashed on retrieval. Thoughts?

Answer

Create a file called (something like) localsettings.php which has the local to the server settings only as define(key,value). This would be only the login, password, database name etc. details - nothing else.

Use the key (which I'm guessing you are already using) in your code.

Make the permissions for localsettings.php read only (to prevent accident overwrites).

On the GitHub code, include a blank version of localsettings.php which includes a comment to include the define(key,value) that are local for the server the code will be used on. Also include info that the file should be marked read only so it does not need to be updated with each sync.

You can also ignore a list of files with GitHub if the read only permissions are a problem.

Comments