你如何保护database.yml? [英] How Do You Secure database.yml?
问题描述
当我部署我的Rails应用程序时,我在我的Capistrano
配方,在应用程序的/ config目录中创建一个符号链接到database.yml文件。文件本身存储在标准Capistrano / releases目录结构之外的单独目录中。我chmod 400的文件,所以它只能创建它的用户可读。
- 这是否足以锁定?是否有人加密?
- 任何人加密他们的database.yml文件?
您还需要确保您的SSH系统具有良好的安全性,以防止人们以登录您的Capistrano机器人。我建议限制访问受密码保护的密钥对。
加密服务器上的.yml文件是无用的,因为您必须给机器人提供密钥,存储。 。 。在同一台服务器上将其加密在您的机器上可能是一个好主意。 Capistrano可以在发送前对其进行解密。
Within Ruby on Rails applications database.yml is a plain text file that stores database credentials.
When I deploy my Rails applications I have an after deploy callback in my Capistrano recipe that creates a symbolic link within the application's /config directory to the database.yml file. The file itself is stored in a separate directory that's outside the standard Capistrano /releases directory structure. I chmod 400 the file so it's only readable by the user who created it.
- Is this sufficient to lock it down? If not, what else do you do?
- Is anyone encrypting their database.yml files?
You'll also want to make sure that your SSH system is well secured to prevent people from logging in as your Capistrano bot. I'd suggest restricting access to password-protected key pairs.
Encrypting the .yml file on the server is useless since you have to give the bot the key, which would be stored . . . on the same server. Encrypting it on your machine is probably a good idea. Capistrano can decrypt it before sending.
这篇关于你如何保护database.yml?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
