Taking Database Settings out of the application.ini and into the environment

In traditional coding of Zend based applications, the database settings are stored in the application.ini . This stores the settings on a per application basis.

Has anyone here on StackOverflow explored the possibility of moving database settings from the application.ini into the environment? For example, a basic way would be storing possibly database connections settings in the Apache2 envvars file or possibly in something like /etc/profile or /etc/environment .

There are a couple of reasons why I would like to 开发者_运维知识库do this:

1) There is security risk where having live, production database settings within the application. Developers could inadvertedly connect to the live database and cause damage to customer sensitive data. This would protect both developers, the business an end users.

2) It is difficult to maintain and manage the db settings of multiple applications. For example, if a username or password changes for a database, then we would need to change the application.ini or multiple applications that would mean a rollout of just that file or the whole application again.

3) An application may be deployed to mulitple 'production' environments where the database settings differ. Therefore there may have to be multiple sections within the application.ini - for example and production-datacentreX, production-datacentreY.

As you can see, there is an argument on keeping database settings on the server side. Therefore, it may be better to have possibly the database settings outside an application in a global area for all applications to access? This would be in it's own source control perhaps that would be unaccessible to developers.

What do you folks think? Anyone done something similar? I like the idea of a global application.ini (possibly called database.ini?)

Looking forward to hearing some responses on the subject.

Regards,

Steve

In my last project I've done something similar. I have application.ini which is stored in repository and contains common settings for application (view settings, helpers path, enable layout and things like that). But, each instance of application (each developer has one of them + testing and development server) has its own local.ini file (which is not versioned) with database settings and development directives (enabling FirePHP, ZFDebug). Thanks to that solution, we can make changes "globally" - application.ini and each developers can change settings "locally" - using local.ini file.

In Bootstrap.php I merge them like below:

protected function _initLocalConfig()
{
    $globalConfig = new Zend_Config($this->getOptions(), true);
    try {
        $localConfig = new Zend_Config_Ini(APPLICATION_PATH . '/configs/local.ini');
        $globalConfig->merge($localConfig);
        $this->setOptions($globalConfig->toArray());
    } catch (Zend_Config_Exception $e) {
        throw new Exception('File /configs/local.ini not found. Create it, it can be empty.');
    }
} 

I'm using second static named .ini file here, in another project we use .ini files based on host names. They can be also JSON, XML or YAML files (to take advantage of built-in Zend_Config parsers) or you can write your own adapter.

Like you see, you can take your non-common config practically from anywhere you want :)