From e8f5890e4b7eb52ed4d905a225c3bf985f397439 Mon Sep 17 00:00:00 2001 From: katzgrau Date: Thu, 10 Mar 2011 10:24:29 -0500 Subject: Added full docs for new ENVIRONMENT constant. --- user_guide/changelog.html | 2 + user_guide/general/environments.html | 126 +++++++++++++++++++++++++++++++++++ user_guide/general/security.html | 17 +++++ user_guide/installation/index.html | 6 ++ user_guide/libraries/config.html | 38 ++++++++--- user_guide/nav/nav.js | 1 + 6 files changed, 180 insertions(+), 10 deletions(-) create mode 100644 user_guide/general/environments.html (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 648c9221b..4129046ff 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -68,6 +68,8 @@ Hg Tag: n/a

diff --git a/user_guide/general/environments.html b/user_guide/general/environments.html new file mode 100644 index 000000000..690c14c2c --- /dev/null +++ b/user_guide/general/environments.html @@ -0,0 +1,126 @@ + + + + + +Creating Libraries : CodeIgniter User Guide + + + + + + + + + + + + + + + + + + + + + +
+ + + + + +

CodeIgniter User Guide Version 2.0.0

+
+ + + + + + + + + +
+ + +
+ + + +
+ +

Handling Multiple Environments

+ +

+ Developers often desire different system behavior depending on whether + an application is running in a development or production + environment. For example, verbose error output is something that would + be useful while developing an application, but it may also pose a security issue when "live". +

+ +

The ENVIRONMENT Constant

+ +

+ By default, CodeIgniter comes with the environment constant set to + 'development'. At the top of index.php, you will see: +

+ + +define('ENVIRONMENT', 'development'); + + +

+ In addition to affecting some basic framework behavior (see the next section), + you may use this constant in your own development to differentiate + between which environment you are running in. +

+ +

Effects On Default Framework Behavior

+ +

+ There are some places in the CodeIgniter system where the ENVIRONMENT + constant is used. This section describes how default framework behavior is + affected. +

+ +

Error Reporting

+ +

+ Setting the ENVIRONMENT constant to a value of 'development' will + cause all PHP errors to be rendered to the browser when they occur. Conversely, + setting the constant to 'production' will disable all error output. Disabling + error reporting in production is a good security practice. +

+ +

Configuration Files

+ +

+ Optionally, you can have CodeIgniter load environment-specific + configuration files. This may be useful for managing things like differing API keys + across multiple environments. This is described in more detail in the + environment section of the Config Class documentation. +

+ +
+ + + + + + + \ No newline at end of file diff --git a/user_guide/general/security.html b/user_guide/general/security.html index 8a41dff9d..5ecfcf18a 100644 --- a/user_guide/general/security.html +++ b/user_guide/general/security.html @@ -87,6 +87,23 @@ array is unset by the Input class during system initialization.

During system initialization all global variables are unset, except those found in the $_POST and $_COOKIE arrays. The unsetting routine is effectively the same as register_globals = off.

+ +

error_reporting

+ +

+ In production environments, it is typically desirable to disable PHP's + error reporting by setting the internal error_reporting flag to a value of 0. This disables native PHP + errors from being rendered as output, which may potentially contain + sensitive information. +

+ +

+ Setting CodeIgniter's ENVIRONMENT constant in index.php to a + value of 'production' will turn off these errors. In development + mode, it is recommended that a value of 'development' is used. + More information about differentiating between environments can be found + on the Handling Environments page. +

magic_quotes_runtime

diff --git a/user_guide/installation/index.html b/user_guide/installation/index.html index 9a611eb41..8ba41313c 100644 --- a/user_guide/installation/index.html +++ b/user_guide/installation/index.html @@ -74,6 +74,12 @@ variables at the top of the file with the new name you've chosen.

After moving them, open your main index.php file and set the $system_folder and $application_folder variables, preferably with a full path, e.g. '/www/MyUser/system'.

+

+ One additional measure to take in production environments is to disable + PHP error reporting and any other development-only functionality. In CodeIgniter, + this can be done by setting the ENVIRONMENT constant, which is + more fully described on the security page. +

That's it!

diff --git a/user_guide/libraries/config.html b/user_guide/libraries/config.html index 66b8426d9..af7bcfe61 100644 --- a/user_guide/libraries/config.html +++ b/user_guide/libraries/config.html @@ -153,21 +153,39 @@ $site_name = $blog_config['site_name'];

Environments

-

You can set the environment of you application and load config items depending on the current environment. It also disables PHP from displaying errors in environments other than development. To set your environment, open index.php, located at the root and change the ENVIRONMENT constant. By default, there is support for a development, test and production environment.

- - -define('ENVIRONMENT', 'development'); - +

+ You may load different configuration files depending on the current environment. + The ENVIRONMENT constant is defined in index.php, and is described + in detail in the Handling Environments + section. +

+ +

+ To create an environment-specific configuration file, + create or copy a configuration file in application/config/{ENVIRONMENT}/{FILENAME}.php +

+ +

For example, to create a production-only config.php, you would:

+ +
    +
  1. Create the directory application/config/production/
    2. +
  2. Copy your existing config.php into the above directory
    3. +
  3. Edit application/config/production/config.php so it contains your production settings
    4. +
+ +

+ When you set the ENVIRONMENT constant to 'production', the settings + for your new production-only config.php will be loaded. +

-

To make a config file environment-aware, copy the file from application/config/ to application/config/development/, depending on the environment the config file belongs to. You can place the following configuration files in environment folders:

+

You can place the following configuration files in environment-specific folders:

-

Note: CodeIgniter always tries to load the config file for the current environment first. If the file does not exist, the global config file (i.e. application/config/) is loaded. This means you are not obligated to place all your config files (but rather the files that change per environment) in an environment folder.

+

Note: CodeIgniter always tries to load the configuration files for the current environment first. If the file does not exist, the global config file (i.e., the one in application/config/) is loaded. This means you are not obligated to place all of your configuration files in an environment folder − only the files that change per environment.

Helper Functions

diff --git a/user_guide/nav/nav.js b/user_guide/nav/nav.js index 8f16e275f..eaa5f6237 100644 --- a/user_guide/nav/nav.js +++ b/user_guide/nav/nav.js @@ -59,6 +59,7 @@ function create_menu(basepath) '
  • Caching
    • ' + '
  • Profiling Your Application
    • ' + '
  • Managing Applications
    • ' + + '
  • Handling Multiple Environments
    • ' + '
  • Alternative PHP Syntax
    • ' + '
  • Security
    • ' + '
  • PHP Style Guide
    • ' + -- cgit v1.2.3-24-g4f1b