From dbd3cd98e2d90315fb0ea3b262d545e7f0f9d557 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Thu, 17 May 2018 16:34:35 +0200 Subject: [PATCH 1/2] Added a caution note about env vars and the profiler --- configuration/external_parameters.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configuration/external_parameters.rst b/configuration/external_parameters.rst index 375360985d3..819965f187d 100644 --- a/configuration/external_parameters.rst +++ b/configuration/external_parameters.rst @@ -130,6 +130,10 @@ the following: environment variables, exposing sensitive information such as the database credentials. + The value of the env vars is also exposed in the web interface of the + :doc:`Symfony profiler `. In practice this shouldn't be a big + deal because the web profiler must never be enabled in production. + Constants --------- From ab403204619ccbb7723eaf51e4ce9fadac0d83ee Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Fri, 18 May 2018 16:49:17 +0200 Subject: [PATCH 2/2] Reworded according to reviews --- configuration/external_parameters.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/configuration/external_parameters.rst b/configuration/external_parameters.rst index 819965f187d..f8821b6458f 100644 --- a/configuration/external_parameters.rst +++ b/configuration/external_parameters.rst @@ -130,9 +130,9 @@ the following: environment variables, exposing sensitive information such as the database credentials. - The value of the env vars is also exposed in the web interface of the - :doc:`Symfony profiler `. In practice this shouldn't be a big - deal because the web profiler must never be enabled in production. + The values of the env vars are also exposed in the web interface of the + :doc:`Symfony profiler `. In practice this shouldn't be a + problem because the web profiler must **never** be enabled in production. Constants ---------