Permalink
Browse files

Applied changes for OpenShift Template security

  • Loading branch information...
1 parent 524121d commit 3e027c8bb7beaecb37b4a087d55b56daf2bb1234 @nhr nhr committed Jul 18, 2012
Showing with 132 additions and 2 deletions.
  1. +40 −2 php/app/Config/core.php
  2. +92 −0 php/app/Config/database.php
View
42 php/app/Config/core.php
@@ -19,6 +19,44 @@
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
+// This is where we define the OpenShift specific secure variable functions
+require_once('openshift.inc');
+
+// Set the default keys to use
+$_default_keys = array(
+ 'Security.salt' => 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi',
+ 'Security.cipherSeed' => '76859309657453542496749683645'
+);
+
+// This function gets called by openshift_secure and passes an array
+function make_secure_key($args) {
+ $hash = $args['hash'];
+ $key = $args['variable'];
+ $original = $args['original'];
+
+ $chars = '0123456789';
+ if ($key != 'Security.cipherSeed') {
+ $chars .= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ $chars .= '!@#$%^&*()';
+ $chars .= '-_ []{}<>~`+=,.;:/?|';
+ }
+
+ // Convert the hash to an int to seed the RNG
+ srand(hexdec(substr($hash,0,8)));
+ // Create a random string the same length as the default
+ $val = '';
+ for($i = 1; $i <= strlen($original); $i++){
+ $val .= substr( $chars, rand(0,strlen($chars))-1, 1);
+ }
+ // Reset the RNG
+ srand();
+ // Set the value
+ return $val;
+}
+
+// Generate OpenShift secure keys (or return defaults if not on OpenShift)
+$key_list = openshift_secure($_default_keys,'make_secure_key');
+
/**
* CakePHP Debug Level:
*
@@ -184,12 +222,12 @@
/**
* A random string used in security hashing methods.
*/
- Configure::write('Security.salt', 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi');
+ Configure::write('Security.salt', $key_list['Security.salt']);
/**
* A random numeric string (digits only) used to encrypt/decrypt strings.
*/
- Configure::write('Security.cipherSeed', '76859309657453542496749683645');
+ Configure::write('Security.cipherSeed', $key_list['Security.cipherSeed']);
/**
* Apply timestamps with the last modified time to static assets (js, css, images).
View
92 php/app/Config/database.php
@@ -0,0 +1,92 @@
+<?php
+/**
+ * This is core configuration file.
+ *
+ * Use it to configure core behaviour of Cake.
+ *
+ * PHP 5
+ *
+ * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
+ * Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ *
+ * Licensed under The MIT License
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ * @link http://cakephp.org CakePHP(tm) Project
+ * @package app.Config
+ * @since CakePHP(tm) v 0.2.9
+ * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
+ */
+/**
+ * In this file you set up your database connection details.
+ *
+ * @package cake.config
+ */
+/**
+ * Database configuration class.
+ * You can specify multiple configurations for production, development and testing.
+ *
+ * datasource => The name of a supported datasource; valid options are as follows:
+ * Database/Mysql - MySQL 4 & 5,
+ * Database/Sqlite - SQLite (PHP5 only),
+ * Database/Postgres - PostgreSQL 7 and higher,
+ * Database/Sqlserver - Microsoft SQL Server 2005 and higher
+ *
+ * You can add custom database datasources (or override existing datasources) by adding the
+ * appropriate file to app/Model/Datasource/Database. Datasources should be named 'MyDatasource.php',
+ *
+ *
+ * persistent => true / false
+ * Determines whether or not the database should use a persistent connection
+ *
+ * host =>
+ * the host you connect to the database. To add a socket or port number, use 'port' => #
+ *
+ * prefix =>
+ * Uses the given prefix for all the tables in this database. This setting can be overridden
+ * on a per-table basis with the Model::$tablePrefix property.
+ *
+ * schema =>
+ * For Postgres specifies which schema you would like to use the tables in. Postgres defaults to 'public'.
+ *
+ * encoding =>
+ * For MySQL, Postgres specifies the character encoding to use when connecting to the
+ * database. Uses database default not specified.
+ *
+ * unix_socket =>
+ * For MySQL to connect via socket specify the `unix_socket` parameter instead of `host` and `port`
+ */
+
+define("OS_DB_HOST", $_ENV['OPENSHIFT_DB_HOST']);
+define("OS_DB_PORT", $_ENV['OPENSHIFT_DB_PORT']);
+define("OS_DB_NAME", $_ENV['OPENSHIFT_APP_NAME']);
+define("OS_DB_TEST", 'test_' . $_ENV['OPENSHIFT_APP_NAME']);
+define("OS_DB_USER", $_ENV['OPENSHIFT_DB_USERNAME']);
+define("OS_DB_PASS", $_ENV['OPENSHIFT_DB_PASSWORD']);
+
+class DATABASE_CONFIG {
+ public $default = array(
+ 'datasource' => 'Database/Mysql',
+ 'persistent' => false,
+ 'host' => OS_DB_HOST,
+ 'port' => OS_DB_PORT,
+ 'login' => OS_DB_USER,
+ 'password' => OS_DB_PASS,
+ 'database' => OS_DB_NAME,
+ 'prefix' => '',
+ //'encoding' => 'utf8',
+ );
+
+ public $test = array(
+ 'datasource' => 'Database/Mysql',
+ 'persistent' => false,
+ 'host' => OS_DB_HOST,
+ 'port' => OS_DB_PORT,
+ 'login' => OS_DB_USER,
+ 'password' => OS_DB_PASS,
+ 'database' => OS_DB_TEST,
+ 'prefix' => '',
+ //'encoding' => 'utf8',
+ );
+}

0 comments on commit 3e027c8

Please sign in to comment.