security - What tools do you use to avoid accidently pushing private information to a github repo on a rails project? -


are there tools use scrub project before pushing public github repo. how maintain private settings, while pushing source code public repo? best practice?

i don't keep database.yml in git. write in cap setup task. email addresses , other things, read them @ app initialize file in file-system. again, not under source code management , written shared directory during cap setup.

here's sample:

namespace :deploy   task :start ; end   task :stop ; end    task :setup     run <<-cmd       mkdir -p -m 775 #{release_path} #{shared_path}/system #{shared_path}/media &&       mkdir -p -m 777 #{shared_path}/log &&       mkdir -p -m 777 #{shared_path}/pids &&       mkdir -p #{deploy_to}/#{shared_dir}/config     cmd    end    require 'erb'    after deploy:setup     db_config = erb.new <<-eof production:   adapter: mysql2   database: my_fine_database   host: 127.0.0.1   username: database_user   password: database_password eof      email_config = erb.new <<-eof ---  :user_name: me@mydomain.com :password: verysecret :port: 25 :address: mydomain.com :domain: mydomain.com :authentication: :login eof      put db_config.result, "#{shared_path}/config/database.yml"     put email_config.result, "#{shared_path}/config/creds.yml"   end

and in environment.rb, put:

credentials = file.join(rails.root, 'config/creds.yml')  actionmailer::base.smtp_settings = yaml.load(file.open(credentials)) if file.exists?(credentials)

what other sensitive information might storing?


Comments

Post a Comment

Popular posts from this blog

apache - Add omitted ? to URLs -

i working on website cms reads page name of query string, e.g. http://exmaple.com/?pagename . trying create rewrite rule rewrite ? . so, user types in /pagename , taken /?pagename try this: rewriteengine on rewritecond %{request_filename} !-d rewritecond %{request_filename} !-f rewriterule ^/?(.*) index.php?$1 [l]
Read more

redirect - bbPress Forum - rewrite to wwww.mysite prohibits login -

i using bbpress installation without wordpress integration. the redirect of rewriteengine @ forum site works: rewriteengine on rewritecond %{http_host} ^forum.mysite.com$ rewriterule (.*)$ http://www.forum.mysite.com/$1 [r=301,l] the problem login pppress. bbpress login not recognize: http://www.forum.mysite/bb-login.php . it redirects to: http://forum.mysite.com/bb-login.php . i tried permalink settings none , name based, same issue. does uses redirect in bbpress or how can eliminate "double" content , redirect permanently www.? i redirected www.forum.mysite.com forum.mysite.com , achieved eliminate "double" content.
Read more

php - How can I stop spam on my custom forum/blog? -

so have custom built forum & blog system of late has been dealing lot of spam. if wordpress use akismet, if different common platform i'm sure i'd find plugin. there kind of static class can download this? using php. i'd still go akismet, if it. uses outside of wordpress, may have pay fee it, depending on use -- check terms , conditions -- it's option , easy implement in php using api. use api key wordpress. com account access. basically, grab whichever php client library takes fancy -- use alex potsides' php5 library -- plug in key, , it's handful of lines of code. here's bare bones of validation straight 1 of live sites: ... if ($akismet) { $akismet->setcommentauthor($name); $akismet->setcommentauthoremail($session->userinfo["email"]); $akismet->setcommentauthorurl(""); $akismet->setcommentcontent($sentence);...
Read more