Posted by raychaser on January 2, 2014 at 7:26pm
I have an older Aegir install that didn't use BOA (I can't figure out how to get the version number) and a newer one that did use BOA.
On the older one the settings.php file contains variable names that get looked up in the vhost file like:
'database' => "$_SERVER[db_name]",
but on the newer install the settings.php file contains the actual username and password.
Question: My understanding was that the db credentials were substituted through files in the vhost.d directory as a security precaution. Why does the new Aegir not do this?
Comments
This is because BOA still
This is because BOA still uses Drush 4 based Aegir 2.x (old) head version. We may switch to protected credentials as it is done also for Nginx in current Aegir 2.x before we will drop Drush 4 (and thus also Drupal 5) support, I suppose.