I am learning Symfony2, and if i refer to The Symfony CookBook (http://symfony.com/doc/current/cookbook/configuration/external_parameters.html) they tell us to put sensitive options (like database password and user) outside of Symfony.
It is safe to put that informations on $_SERVER ?
SetEnv SYMFONY__DATABASE__USER user
SetEnv SYMFONY__DATABASE__PASSWORD password
If yes (or no), why?
Thanks you in advance
Every PaaS platform (elasticbeanstalk, heroku, etc..) uses Environment Variables (in php accessible via $_SERVER and getenv function). IMO if you disable phpinfo function in production (because everybody loves to create file info.php in root dir;]) it's a pretty safe place to hold password.