Commit ae53eabe authored by mig5's avatar mig5 Committed by mig5

#731816 - provide comments explaining why and how site db credentials are...

#731816 - provide comments explaining why and how site db credentials are stored in apache vhosts as environment variables
parent 94006b14
...@@ -604,7 +604,10 @@ function provision_parse_info_file($filename) { ...@@ -604,7 +604,10 @@ function provision_parse_info_file($filename) {
} }
/** /**
* Set up the $_SERVER environment variable so that drupal can correctly parse the settings.php file * Set up the $_SERVER environment variable so that drupal can correctly parse the settings.php file.
* The real credentials are stored in the Apache vhost of the relevant site, to prevent leaking of
* sensitive data to site administrators with PHP access who might otherwise access such credentials
* potentially of other sites' settings.php in a multisite set-up.
*/ */
function provision_prepare_environment() { function provision_prepare_environment() {
$fields = array('db_type', 'db_host', 'db_user', 'db_passwd', 'db_name'); $fields = array('db_type', 'db_host', 'db_user', 'db_passwd', 'db_name');
......
/**
* The database credentials are stored in the Apache vhost config
* of the associated site with SetEnv parameters.
* They are called here with $_SERVER environment variables to
* prevent sensitive data from leaking to site administrators
* with PHP access, that potentially might be of other sites in
* Drupal's multisite set-up.
* This is a security measure implemented by the Aegir project.
*/
$databases['default']['default'] = array( $databases['default']['default'] = array(
'driver' => urldecode($_SERVER['db_type']), 'driver' => urldecode($_SERVER['db_type']),
'database' => urldecode($_SERVER['db_name']), 'database' => urldecode($_SERVER['db_name']),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment