Greytree

TamWiki

For a mouse who is a packrat

Technology » Keep A Sample Config
a handy way to put config data in a repository without exposing private details

Summary:this is what goes at the top of the site

(redirected from Main.KeepASampleConfig)

Up: ^Development^

On this page... (hide)

When crafting a web application, it is a good practice to put configuration details into separate file to be included in the application code. I typically name this file config.inc.php (Using an .inc.php extension instead of a .php extension indicates that this is code to be included rather than called directly. Note: always use a .php extension on include files so they can't be downloaded as text file to a browser.)

A sample snippet of a config file may look like this:

Configuration file fragment
  1. /**
  2.  * Database connectivity constants.
  3.  * Replace with appropriate values for your local installation
  4.  **/
  5.  
  6. define("DBHOST",'localhost');
  7. define("DBUSER",'someuser');
  8. define("DBPASS",'somepassword');
  9. define("DBNAME",'somedatabase');
raw code

If you put your code in a public repository, such as Gitorious, you don't want anyone to be able to download your database access credentials.

Based on how things work in PmWiki, I have created another file, called sample-config.inc.php that mirrors the real config.inc.php file save for the details you don't want to get out. Then, when a person downloads your code, they can create their own config.inc.php file based off the sample one, filling in the details and customizing their installation.

But when you are working on your application, you don't want to have to keep track of all the changes you make to config.inc.php to keep sample-config.inc.php up-to-date. So, a simple perl script will do the trick:

clean_config.pl
  1. #!/usr/bin/perl -n
  2.  
  3. # This program is a filter -- it is intended to be run
  4. # such that an implicit while loop is run on each line
  5. # of the input file(s)
  6.  
  7. /DBHOST|DBNAME|DBPASS|DBUSER/ && s/,(['"])[^'"]*(['"])\);/,\1\2);/g;
  8. print $_;
raw code

The above script will match any line containing DBHOST, DBNAME, DBPASS, or DBUSER and substitute the contents of any string with the null string on that line.

If you have other sorts of things you don't want to get out in the wild (e.g. AWS keys, Login passwords, etc), you can adjust the filter accordingly.

To use, simply pass the working config.inc.php file as STDIN and redirect STDOUT to your sample-config.inc.php file:

$ ~/bin/clean_config.pl <config.inc.php >sample-config.inc.php
raw code

(Set the script to executable first.)

Update

-- tamara April 17, 2012, at 09:22 PM

There are many, many ways to do configuration, based on the language and application at hand. The above is a rather crude method that masks the setup Wordpress uses in their configuration file.

Credentials and such should really not be stored with the application source (as I've mentioned) but they should also really not be accessible from the web server's path.


Tags:
app config
Categories: HowTos

Recent Changes | Printable View | Page History | Edit Page
Page last modified on April 17, 2012, at 09:22 PM by tamara