We are currently storing mysql password in application.ini.
As this file is in our source code control store (market), it is not a good place for the production server's password.
I was thinking about storing it in an environment variable of the apache configuration.
Is it safe enough? Just make sure Apache config file is not readable by any other user than Apache.
But password security is not the main caution because you can not even allow to connect to your MySQL server outside or just restrict some IPs.
Comments
Post a Comment