2

I have an index.php file that is running some script making mysql requests. For obvious security reason, i'd like to remove the mysql credentials (host, password, user, database) from this script and replace them with some apache environment variables.

I tried to create such variables in /etc/apache2/envvars using following line of code : export MYSQL_USER='my_user' and then I intend to get it back using getEnv php function like this : getenv('MYSQL_USER') but this returns nothing.

Any idea ? Thanks !

Improve this question

3 Answers 3

Reset to default
3

Four steps :

  • in /etc/apache2/envvars : export MYVAR='value'
  • in /etc/apache2/apache2.conf : PassEnv MYVAR
  • Restart apache
  • in the php file located wherever apache2 is running: echo $_SERVER['MYVAR'];
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

In the virtual host for Apache you could use

SetEnv VARIABLE_NAME value

and the get the value of this variable from your PHP code using

$variable = getenv('VARIABLE_NAME');

You can read more on SetEnv here http://httpd.apache.org/docs/2.2/mod/mod_env.html#setenv

Improve this answer

Comments

0

If you would like to store passwords in an environment variable, but you don't want other users to be able to read the password or key, you could follow the following steps (tested on Ubuntu 18.04):

  • Create a file /etc/apache2/conf-available/aws_key.conf
  • Change the ownership to root sudo chown root:root /etc/apache2/conf-available/aws_key.conf
  • Change the file permission, so it is only readable for root sudo chmod 600 /etc/apache2/conf-available/aws_key.conf
  • Put the password or key in the file, e.g. SetEnv AWS_SECRET_ACCESS_KEY abcdefg12345+-987654321
  • Enable the configuration file sudo a2enconf aws_key
  • Restart Apache sudo service apache2 restart

This key is accessible in PHP via $_SERVER['AWS_SECRET_ACCESS_KEY'].

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.