How do I keep passwords out of publicly visible code?
I have an app I'm trying to deploy and something is concerning me about security. Is there a way to avoid storing my e-mail password in plain text in setup_mail, and my database passwords in environment.rb?
You can store the passwords as a file on your deployment server and then have something along the lines of this in database.yml (or wherever else you have sensitive data):
production:
  adapter: mysql
  host: localhost
  database: foobar_production
  username: foobar
  password: <%= begin IO.read("/home/deploy/passwords/foobar.db") rescue "" end %>
... where foobar.db is a plaintext file containing just the password.
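A stricter variant of the file-based approach above, as an added example that is not part of the original answer: it refuses a password file that group or other users can access, strips the trailing newline, quotes the value so YAML-special characters survive, and raises on a missing file instead of substituting an empty password. The helper names `read_secret` and `render_db_config` are hypothetical, and a temporary directory stands in for /home/deploy/passwords.

```ruby
require "erb"
require "yaml"
require "json"
require "tmpdir"

# Hypothetical helper (not part of Rails): read one secret from a file,
# refusing files that group or other users can access.
def read_secret(path)
  mode = File.stat(path).mode & 0o777   # raises Errno::ENOENT if the file is missing
  if (mode & 0o077) != 0
    raise SecurityError, format("%s has mode %04o, expected 0600 or stricter", path, mode)
  end
  File.read(path).chomp
end

# Render a database.yml-style ERB template and parse the result.
def render_db_config(template)
  YAML.safe_load(ERB.new(template).result(binding))
end

# Constructed demo: returns [parsed password, whether a 0644 file was rejected].
def demo
  Dir.mktmpdir do |dir|
    path = File.join(dir, "foobar.db")
    File.write(path, "p@ss: w#rd\n")    # constructed sample password
    File.chmod(0o600, path)
    # to_json quotes the value so ':' and '#' stay inside the YAML scalar.
    template = <<~YML
      production:
        adapter: mysql
        username: foobar
        password: <%= read_secret(#{path.inspect}).to_json %>
    YML
    ok = render_db_config(template)["production"]["password"]
    File.chmod(0o644, path)             # too permissive: must be rejected
    rejected = begin
      render_db_config(template)
      false
    rescue SecurityError
      true
    end
    [ok, rejected]
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

Failing at boot on a missing or over-exposed password file surfaces the problem in deployment logs rather than as a later database authentication error.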