I saw many letters about storing hard-coded information (API key strings, database passwords) as environment variables for security. I am a little new to this concept, and although I have seen a lot for Rails, not so much on the PHP side.
Even PHP FOG uses this type of setup when creating the MySQL DB source information for the user.
I really don't understand where this is installed, and how it is extracted using any particular PHP webpage / application. I really look at this in terms of something like keeping my transaction email API keys and other information safe and useful across multiple pages.
For example, if I just create a config.php file and put it in my site root, is it really something other than a key call directly inside my code? Where should environment variables be set and what is the most efficient way to call them? I am also wondering how this differs from SESSION variables?
Note: I am running a LAMP stack with a pair of Nginx.
Update 1: One of these users is inclined to think against using environment variables and only in "non-public" files, but I really don't see how much this is different.
Update 2: I also found this article, which seems to make common sense from a Windows point of view (provided that *nix needs to change the path to include php?). Again, what are the benefits of this, and not just hard coding an API key directly in a PHP script?
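The contrast the question asks about, as an added example that is not part of the original post: a PHP helper that reads a secret from the process environment and fails closed when it is missing, instead of embedding the value in a file under the site root. The names `MAIL_API_KEY`, `DB_PASSWORD_NOT_SET_IN_THIS_DEMO` and `env_secret()` are hypothetical, and the example assumes the variables are set outside the web root, for instance with an `env[MAIL_API_KEY] = ...` line in the PHP-FPM pool configuration.

```php
<?php
declare(strict_types=1);

// Added example. MAIL_API_KEY and env_secret() are hypothetical names.
// Assumption: the value is set outside the web root (PHP-FPM pool file or the
// service's environment), so it never sits in a file the web server could serve
// and never enters version control with the application code.

/**
 * Return a required secret from the environment, or throw.
 * There is no hard-coded fallback: a missing secret must stop the request.
 */
function env_secret(string $name): string
{
    $value = getenv($name); // false when the variable is not set
    if ($value === false || $value === '') {
        // Report the name only; the value must never reach logs or error pages.
        throw new RuntimeException("Required environment variable {$name} is not set");
    }
    return $value;
}

// Constructed demo value so the script runs stand-alone from the CLI.
// In a deployment the variable is already present and this block does not exist.
if (PHP_SAPI === 'cli' && getenv('MAIL_API_KEY') === false) {
    putenv('MAIL_API_KEY=constructed-demo-key');
}

$mailKey = env_secret('MAIL_API_KEY');
echo 'MAIL_API_KEY loaded, length ', strlen($mailKey), PHP_EOL;

// A secret that was never provisioned is refused instead of silently defaulted.
try {
    env_secret('DB_PASSWORD_NOT_SET_IN_THIS_DEMO');
} catch (RuntimeException $e) {
    echo 'Refused to continue: ', $e->getMessage(), PHP_EOL;
}
```

Unlike `$_SESSION`, which holds per-visitor state created at run time, these values are the same for every request and are set by whoever deploys the server.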