Good way to develop Open Source without exposing credentials?

旧城冷巷雨未停 提交于 2020-01-05 08:42:43

问题


I develop a web application and push its source code to a public Github repository. The issue is that the PHP code contains database credentials which shouldn't be visible to other people.

Now I'm looking for a good way to handle this. I could exclude the configuration file from the Git repository using .gitignore, but then others wouldn't see the structure to create their own configuration. On the other hand, I don't want to manually replace the real credentials for every commit.

What is a good way to handle this sensitive information inside the source code of open source software?


回答1:


What I usually do in these cases is allow for a two layered configuration where the default set of properties is versioned and committed with the source, but then developers can supply an external file that will be used if discovered, and will replace the defaults on a per setting basis. This is not only useful for externalizing credentials, but it also lets you default things like thread count, connection pool size, etc.. that can be overridden if desired. Importantly, they can see the full structure always. You your self would have your own external overrides file with the real credentials you use. But the defaults are fake ones that you check in.

I know you are using PHP, for java as an example, it would look roughly like this:

Properties defaultProps = loadDefaults();
Properties overrideProps = loadOverridesIfFound();
for(String name : overrideProps.keySet()) {
   defaultProperties.put(name,overrideProps.get(name));
}

I have found this technique to be very effective for many projects.




回答2:


You could simply .gitignore the actual configuration file and add a empty copy with a suffix (configDefault.php). This also provides you a way to make sure that users actually go over the configuration before running the application.



来源:https://stackoverflow.com/questions/19752752/good-way-to-develop-open-source-without-exposing-credentials

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!