Forums - Thread Details
  • State Verified Answer
  • Replies 8 replies
  • Subscribers 319 subscribers
  • Views 2403 views
  • Users 0 members are here
Related

Hide config.php Database connection

Gerardo Garcia Lima

Hi everybody

Today I'm trying to find a way to hide the connection data to Sugar database.

I know it's written in the config.php file, on dbconfig but We don't want it to be all exposed.

So I'm trying to implement cyberArk and just change this for CyberArk info, also the method that create the connections so it will go to cyberark to get the connection data.

Thank you very much!

Parents
  • 0

    Hi Gerardo,

    I'm not sure would this solution help you. Since you are trying to just hide the config settings it could work.

    You can keep your password in another place where people wouldn't have access. All you need to give apache to access this file but anybody else.

    Like;

    /my/pass/path/passwords

    db_user_name=myDBUserName
    db_password=topSecretDBPa55w0rd

    And considering your sugar is located

    /var/www/sugarcrm/

    Then you would create a helper that reads the password from '/my/pass/path/passwords' and puts into your config_override.php like;

    Consider your helper pwdHelper;

    function pwdHelper(key){
       // read the file line by line, 
       // implode by = 
       // left handside key, right handside is value
       return value;
    }
    $sugar_config['dbconfig']['db_user_name'] = pwdHelper('db_user_name');
    $sugar_config['dbconfig']['db_password'] = pwdHelper('db_password');

    This approach usually works perfectly if you have multiple environments like sandboxes, development and production instance. But maybe this approach could work for you as well.

    Note: This is not a security approach. It's just a way of handling the passwords. 

    Best Regards
    Tevfik Tümer
    Developer Support Engineer

  • 0 in reply to Tevfik Tümer

    Hi Tevfik Tümer

    I like the idea, but here They really want me to use CyberArk since it's the way they handle all passwords for DB connections.

    I might be able to use your idea because the CyberArk connection info can be expose, then in the pwdHelper I can add the functionality to go and get the connection data to CyberArk.

    function pwdHelper(){
       //Go get data to CyberArk
       return arrayData;
    }
    $sugar_config['dbconfig'] = pwdHelper();

    I think this way may be the right way, what do you think?

    Thank you very much.

    Cheers.

  • 0 in reply to Gerardo Garcia Lima

    Hi Gerardo Garcia Lima

    If that answer really helped you.. mark it has Answer Correct

    Regards

    Syed

  • 0 in reply to Sayad Sharif

    Yeah, you're right, I don't do it because I'm testing other options. As you already notice it's a problem to set it on the config_override.php.

    Anyway, the main idea is there so i'll mark it right now.

Reply Children
No Data