How to deploy your website without other users getting into your database user and password file?
Lets say I want to deploy a folder into github and it's connected to a database and I name it a file called db.php. Is there a way to make it so that when I upload this to GitHub, I can still connect to the database but other people cannot find the file?
Dose the gitignore file dose that? I never thought about it until now.
18 Replies
never commit any secrets to your git
gitignore keeps files out of your repo, yes
the way you generally use db credentials in dev, is to use a .env file which excluded from being committed and is loaded to get access to the variables
on production, you set the actual environment variables instead of using .env, either through the command line interface, or some other mechanism your host will describe
Do you have a video or information more about this and about env? I'm starting to get into back-end and the only thing I know is to deploy it into git for free web hosting and I didn't know how to hide my databse information.
not really, sorry. are you using a framework or just vanilla stuff?
All I'm using is HTML, CSS, JS, PHP, and MYSQL.
hm, the way I used to do that in vanilla is to have a config.ini file that isn't committed. You then put the config.ini somewhere that isn't accessible from the web, but is accessible to your script, and use parse_ini_file to read the info from there
you can also use getenv to access the system's environment variables
Oh.. ok thats cool. How do I know if it is somewhere that isn't accessible from the web? Dose... gitignore do that?
Here is what my folder look like right now, and the db.php is the database information.
gitignore doesn't do anything with your webserver. You'll have to read up on document roots for your web server
though if you stick stuff in environment variables (not a .env file, the actual environment vars), you don't have to worry about web access
Hmmm... I'll need to look into the github document root thingy since github is the only place I been deploying/hosting my sites.
you can't run PHP code on github pages though right?
Ohhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh, I thought it wasn't connecting to the database. Cause I use XAMPP and it works.
Never knew github can't run PHP
github only serves static pages, you'll have to use a different host (and no, sorry, I don't have any recommendations)
It's fine, I'll use JS for the details, I'll need to learn how to hide them first before I start finding other places for PHP.
github won't run any javascript on the server side either, and you can't hide any credentials that are on the client side
Oh...
This is going to be a long learning journey for back end for me XD
it's definitely a bit different than frontend yeah
the biggest difference is the fact that you need an active server
Ahhh gotcha.
Cool, thanks for the help 🙂
I got some stuff to learn XD
no worries 🙂 and good luck, it's a bit rough at first but it can be very rewarding too!