I know Magento stores the database connection details within the local.xml file, however our firm is trying to avoid passwords and other sensitive data being stored within our git repo's for security purposes.
I know you can create Environment Variables easily via an .htaccess file, but I'm hoping to find a workable solution that will enable me to set this database information dynamically from a environment variable.
As the local.xml is an XML file and as this is a non dynamic/server-side filetype we cannot use it to read environment variables.
Would there be a way to somehow add in some hook/custom behaviour to Magento in which I could replace the local.xml with a PHP file that will allow me to pull in these environment variables?
So in a sense, the local.XML would become a local.PHP file with the ability to read my own custom environment variables such DB_HOST, DB_USERNAME, DB_PASSWORD rather than having them already set in the xml file as localhost, root, password123 etc.
Any ideas on how best to achieve this, or are there any existing Magento add-ons/extensions/mods that will allow me to do this?
I would suggest git ignore your local.xml and dynamically create it with your deploy script. your deploy script should have your sensitive data variables.
I found an alternative solution to the problem. I extended Mage_Core_Model_Config_Element and overrode the 'xmlentities' function to check if the configuration value it is returning starts with a dollar sign, and if so substitute it with the equivalent environment variable.
If it helps anyone else, here it is...
https://github.com/rossigee/magento-config-envvars
Please try this solution:
copy app/code/core/Mage/Core/Model/App.php to app/code/local/Mage/Core/Model/App.php and replace the _initBaseConfig() method with the following one:
protected function _initBaseConfig()
{
Varien_Profiler::start('mage::app::init::system_config');
$this->_config->loadBase();
/* Read DB connection config from environment variables */
$connection = $this->_config->getNode('global/resources/default_setup/connection');
$connection->setNode('host', $_ENV['DB_HOST']);
$connection->setNode('username', $_ENV['DB_USERNAME']);
$connection->setNode('password', $_ENV['DB_PASSWORD']);
Varien_Profiler::stop('mage::app::init::system_config');
return $this;
}
This must help.
* EDIT
protected function _initBaseConfig()
{
Varien_Profiler::start('mage::app::init::system_config');
$this->_config->loadBase();
/* Read DB connection config from environment variables */
$this->_config->getNode('global/resources/default_setup/connection')
->setNode('host', $_ENV['DB_HOST'])
->setNode('username', $_ENV['DB_USERNAME'])
->setNode('password', $_ENV['DB_PASSWORD']);
Varien_Profiler::stop('mage::app::init::system_config');
return $this;
}
Have you considered simply adding local.xml to .gitignore and creating/updating it as part of your deployment process? Note that local.xml typically stores more than just database credentials. For example, it might also store the configuration for the caching backend(s) as and session storage. These are usually also server specific, and will make things very messy if you try to avoid using local.xml.
Related
I have a PHP routing script, like this:
include_once('routing-functions.php');
// pathMatches was imported from routing-functions.php
if(pathMatches('/blog/*')){
include_once('actual-script.php');
}
The problem I have is the following: the functions and global variables from routing-functions.php could potentially conflict with the included file. Additionally, I don't want actual-script.php to have access to any of the variables of the router.
I am looking for a way to completely wipe the PHP context, so that the file is included as if it were directly requested, so doing the following is not an option because it changes the context/scope in which actual-script.php is executed:
if(pathMatches('/blog/*')){
function $sandbox(){
include_once('actual-script.php');
};
$sandbox();
}
Additionally, sending a local request to the file (e.g. with cURL) is also not an option, because it has a negative impact on performance and I want it to run as if it were under the /blog/ URL.
The problem is easy to solve with .htaccess, however, I need a dynamic solution that uses a PHP router.
If anyone has had a similar problem before or knows of a good solution it would be greatly appreciated.
Just looking for some tips if this is good enough or if i should do anything different to "hide" my database credentials. Been searching for a long time. I have found alot of ways to do this and feel everyone does it a different way. So wondering if this is good enough. Thank you.
Right now I'm storing a config.ini file with my database credentials outside of the public directory.
Then inside the public directory I got a folder name db_includes. This is where i have my db connection php file. This is the code for the database connection.
$config = parse_ini_file('../../private/config.ini');
$db = new \PDO('mysql:dbname='.$config['DB_NAME'].';host='.$config['DB_SERVER'].';charset=utf8mb4', ''.$config['DB_USERNAME'].'', ''.$config['DB_PWD'].'');
Also inside the db_includes folder i got a .htaccess file that has "deny from all" so its not possible to get to that db_includes folder or the database connection file.
Is this good or should i also move the database connection file outside of the public directory and just call it when i need it?
There's a few ways of doing it. First, I recommend using a PHP file to store the credentials, this way if your htaccess fails, the php file will be parsed anyway and your credentials won't appear:
config.php:
<?php
return [
"DB_NAME" => "database",
"DB_USER" => "user"
// ...
];
Wherever you need:
$config = require "path/to/config.php";
$db = new \PDO('mysql:dbname='.$config['DB_NAME'].';host='.$config['DB_SERVER'].';charset=utf8mb4', ''.$config['DB_USERNAME'].'', ''.$config['DB_PWD'].'');
If possible, keep it outside your public folder as it is a good way to make it safe.
Remember that if your database and server is well configured and safe enough you don't need to worry about database credentials.
In a maintenance script for a web server, I need to get the database settings for each website/application on that server. As most of the websites are based on Drupal, the main settings file is settings.php, within that file various variables (such as $database) are defined, but sometime it also contains ini_set() statements for that specific site.
The script could include the settings.php to obtain the database setting but then the script will throw errors such as
Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in include() (line 123 of /path/to/website/sites/default/settings.php).
Is there a way to only load (specific) variables from an included php file?
Of course, I mean something smooth. I know, I could load the file into a string, use regex to extract the database variable and eval() that, but I'd rather think there is a better way.
Instead of just including the settings.php (due to errors with ini_set() commands inside the included file I had to read the file into a string, get the desired part and eval() that.
In the example below, I am searching for the database settings inside a standard Drupal settings.php
#include $settings_path; // critical due to ini_set() commands.
$settings = file_get_contents($settings_path); // load file into string
$settings = preg_replace("#/\*.*?\*/#si", '', $settings); // get rid of comments to avoid confusion with preg_match
preg_match('#\$databases.*?;#si', $settings, $dbraw); // get the desired part of the string
eval("\$databases = " . $dbraw[0]); // eval() to create the variable
I'm building a service, which has a few cronjobs running, written in Python. However, this is my first Python-project ever, so I'm still a very beginner.
What I'm doing now, is that I have my database-connection handled on every file, so basically if I wanted to change the host, I would need to go through all the files. I'm now looking into a PHP-include() similar method for Python, so that I could include some general stuff instead of copy-pasting.
Also, the Python-files are ran in cronjob, so the method should work on cronjobs too :)
If it's really just a couple of settings for a single database connection, just put it in a Python module and import it in all of your files. Why add any complexity you don't need?
If it's more complicated, use ConfigParser as #AdamMatan suggested.
# dbconfig.py
host = '127.0.0.1'
user = 'stack'
password = 'overflow'
# db.py
import dbconfig
print dbconfig.host
print dbconfig.user
print dbconfig.password
Use an external configuration file, with your db connection (host, name, password, db, ...) in it, and read the configuration file from within the Python script.
This makes changes easy (even for non-programmers) and nicely complies with the Single Choice Principle.
Example:
db.cfg
[db]
host=127.0.0.1
user=stack
password=overflow
db.py
import ConfigParser
config = ConfigParser.ConfigParser()
config.readfp(open('db.cfg'))
print config.get('db', 'host')
Execution result:
127.0.0.1
If you need to call __import__(), you are doing it wrong.
You need to refactor your code so that you no longer have the database connection routines scattered throughout your codebase. Yes, it would be even nicer to have these details in a configuration file (+1 #Adam Matan), but first you need to eliminate the duplication. This will save you a world of pain in the long run.
I have a database where I keep my configuration parameters, I want to load the configuration parameters into my application variables only once (or upon specific request to reload the parameters), I also want these variables which holds the configuration parameters to be accessible from all php pages/scripts, the idea is to save hits on the database and improve the application response time.
What is the 'classic' php solution to this matter?
It seems to me that this is essentially the same as any other caching question. The fact that the content to be cached is configuration parameters rather than say the content of Web pages or user profile information is unimportant from a technical perspective.
So what you have to do is come up with some caching solution, whether it's memcached or just writing static files with the data you want to cache.
The trick here is that you're not caching HTML to be presented to the user but rather database query results, so you'll probably want to look at approaches like this one:
http://devzone.zend.com/article/1258
I like using the Zend_Config_Ini class. Creating separate sections that can extend others is easy, and with Zend_Cache with Zend_Cache_Frontend_File (to check for updates to the .ini file) and a backend (I use APC) that is particularly fast to access to avoid any overhead of re-parsing.
; Production site configuration data
[production]
webhost = www.example.com
database.adapter = pdo_mysql
database.params.host = db.example.com
database.params.username = dbuser
database.params.password = secret
database.params.dbname = dbname
; Staging site configuration data inherits from production and
; overrides values as necessary
[staging : production]
; 'database.adapter' is inherited
; others are overridden
database.params.host = dev.example.com
database.params.username = devuser
database.params.password = devsecret
Make a page that sets constants (key word 'define') early in your routines. Just include it wherever needed.
Like Smandoli's answer, I use a single file that has my configuration.
However, my configuration is actually a multi-dimensional array - meaning I have much greater control over my config - I can change it on the fly if I need to, as well as breaking up the varialbes.
$config['error']['nologin'] = "You're not logged in";
$config['db']['host'] = "localhost";
$config['something']['else'] = "hello world";
Edit: I use a file for values that do not change too much. I do use variables from a database occasionally, but not too often.
My rule of thumb is "If the user doesn't need to change it, load from the file; if they need to change it, then it comes from a database".
I came from the world of C++ the paradigm there was to use a singleton which load the parameters on first (and only) instantiation and export an interface with relevant get'ters (like 'int GetVal(char* key,int &val)' ) the singletone was accessible from all parts of the application, is there anything like that in PHP?