开发者

How do I keep passwords out of publicly visible code?

开发者 https://www.devze.com 2023-01-23 23:47 出处:网络
I have an app I\'m trying to deploy and something is concerni开发者_Python百科ng me about security. Is there a way to avoid storing my e-mail password in plain text in setup_mail, and my database pass

I have an app I'm trying to deploy and something is concerni开发者_Python百科ng me about security. Is there a way to avoid storing my e-mail password in plain text in setup_mail, and my database passwords in environment.rb?


You can store the passwords as a file on your deployment server and then have something along the lines of this in database.yml (or wherever else you have sensitive data):

production:
  adapter: mysql
  host: localhost
  database: foobar_production
  username: foobar
  password: <%= begin IO.read("/home/deploy/passwords/foobar.db") rescue "" end %>

... where foobar.db is a plaintext file containing just the password.

0

精彩评论

暂无评论...
验证码 换一张
取 消