Skip to content

Added a caution note about env vars and the profiler #9793

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Added a caution note about env vars and the profiler #9793

wants to merge 2 commits into from

Conversation

javiereguiluz
Copy link
Member

This fixes #9540.

@javiereguiluz javiereguiluz added this to the 4.0 milestone May 17, 2018
@javiereguiluz javiereguiluz mentioned this pull request May 17, 2018
Closed
xabbuh
xabbuh reviewed May 18, 2018
View reviewed changes
configuration/external_parameters.rst Outdated
@@ -130,6 +130,10 @@ the following:
environment variables, exposing sensitive information such as the database
credentials.

The value of the env vars is also exposed in the web interface of the
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"The values [...] are [...]"?

xabbuh
xabbuh reviewed May 18, 2018
View reviewed changes
configuration/external_parameters.rst Outdated
@@ -130,6 +130,10 @@ the following:
environment variables, exposing sensitive information such as the database
credentials.

The value of the env vars is also exposed in the web interface of the
:doc:`Symfony profiler </profiler>`. In practice this shouldn't be a big
deal because the web profiler must never be enabled in production.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we emphasize "never"?

@xabbuh xabbuh modified the milestones: 4.0, 3.4 May 18, 2018
@xabbuh
Copy link
Member

xabbuh commented May 18, 2018
edited
Loading

@javiereguiluz should be merged into the 3.4 branch IMO as the contents are the same there

javiereguiluz added a commit that referenced this pull request May 18, 2018
@javiereguiluz
minor #9793 Added a caution note about env vars and the profiler (jav…
768242f 
…iereguiluz)

This PR was submitted for the 4.0 branch but it was squashed and merged into the 3.4 branch instead (closes #9793).

Discussion
----------

Added a caution note about env vars and the profiler

This fixes #9540.

Commits
-------

1c426f7 Added a caution note about env vars and the profiler
@javiereguiluz javiereguiluz deleted the fix_9540 branch May 24, 2018 16:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xabbuh xabbuh xabbuh approved these changes

@michaelhiiva michaelhiiva michaelhiiva approved these changes

Assignees
No one assigned
Labels
Status: Reviewed
Projects
None yet
Milestone
3.4
Development

Successfully merging this pull request may close these issues.
4 participants
@javiereguiluz @xabbuh @michaelhiiva @carsonbot