BOA settings.php has real DB credentials

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.

Posted by raychaser on January 2, 2014 at 7:26pm

I have an older Aegir install that didn't use BOA (I can't figure out how to get the version number) and a newer one that did use BOA.

On the older one the settings.php file contains variable names that get looked up in the vhost file like:

'database' => "$_SERVER[db_name]",

but on the newer install the settings.php file contains the actual username and password.

Question: My understanding was that the db credentials were substituted through files in the vhost.d directory as a security precaution. Why does the new Aegir not do this?

Comments

This is because BOA still

Posted by omega8cc on January 7, 2014 at 1:26pm

This is because BOA still uses Drush 4 based Aegir 2.x (old) head version. We may switch to protected credentials as it is done also for Nginx in current Aegir 2.x before we will drop Drush 4 (and thus also Drupal 5) support, I suppose.

BOA

You must register or login in order to post into this group.

Group organizers

omega8cc

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

All posts:
- Feed
- Page

Hot content this week

Drupal Meetup at Spielbound in Omaha

23 hours 46 min ago
Usergroup Berlin – Mai 2024

18 hours 9 min ago
Sites using Thunder

7 years 10 weeks ago
Drupal Libraries

15 years 39 weeks ago
Media sites using Drupal

16 years 41 weeks ago