PHPFixing

Thursday, January 20, 2022

[FIXED] Storing Database Credentials in Cakephp 3.1 app.php file

Tags: cakephp, file-permissions, php

Issue

I'm putting the finishing touches on my cakephp project (configuring final database grants, etc) and realised something about cakephp.

From what I can tell (unless I inadvertently changed it), cakephp shipped with the app.php file permissions of -rw-rw-r-- (662).

Doesn't allowing anyone with access to the server the ability to see your database credentials pose a security risk?

Would it break things if I changed this to -rw-------? (600)


Solution

Totally depends on your configuration, there is no one correct way to do it, so -rw-rw-r-- aka 0664 is likely just fine. If your web server process runs under the same user that owns the files then -rw------- aka 0600 is ok. But generally, you want to ensure that the web server process does not have write permission to the files it serves. You can achieve this purely with file permissions but I prefer to make the user that runs the web server process different than the user that owns the files being served.



Answered By - Alex Howansky
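
One way to check the condition the answer describes, that the web server account can read `app.php` but not write it. This is an added example, not part of the original answer; the account name `www-data` and the path `config/app.php` are assumptions, GNU `stat` is assumed, and POSIX ACLs and root (which bypasses mode bits) are not considered.

```shell
#!/bin/sh
# Added example: derive an account's access to a file from owner, group and mode.

# web_access FILE USER -> prints "rw", "r-", "-w" or "--" (read, write) for USER
web_access() (
    st=$(stat -c '%a %U %G' "$1") || exit 2
    user=$2
    set -- $st                          # $1=octal mode, $2=owner, $3=group
    m=$((0$1))                          # parse e.g. 664 as an octal number
    if [ "$2" = "$user" ]; then
        bits=$(( (m >> 6) & 7 ))        # owner class applies
    else
        bits=$(( m & 7 ))               # default: "other" class
        for g in $(id -Gn "$user" 2>/dev/null); do
            if [ "$g" = "$3" ]; then bits=$(( (m >> 3) & 7 )); fi
        done
    fi
    if [ $(( bits & 4 )) -ne 0 ]; then r=r; else r=-; fi
    if [ $(( bits & 2 )) -ne 0 ]; then w=w; else w=-; fi
    echo "$r$w"
)

# world_readable FILE -> exit 0 if any local account can read FILE
world_readable() (
    mode=$(stat -c '%a' "$1") || exit 2
    [ $(( 0$mode & 4 )) -ne 0 ]
)

# check_config FILE USER -> exit 0 only if USER can read FILE but not write it
check_config() {
    acc=$(web_access "$1" "$2") || return 2
    if world_readable "$1"; then
        echo "NOTE: $1 is readable by every local account"
    fi
    case $acc in
        r-) echo "OK: $2 can read $1 but cannot write it" ;;
        ?w) echo "FAIL: $2 can write $1"; return 1 ;;
        *)  echo "FAIL: $2 cannot read $1"; return 1 ;;
    esac
}

# Usage (assumed names): sh check.sh config/app.php www-data
if [ "$#" -eq 2 ]; then check_config "$1" "$2"; fi
```

With the files owned by a deploy account and the web server running as a different user in the file's group, mode 0640 passes this check and also removes the world-readable bit the question asks about.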