Why does #Symfony define what appears to be a “real” value for APP_SECRET in the .env file that’s committed to your repository, and then, right above it, there’s a comment that says (in all caps):
“DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.”
Where’s the documentation that explains what APP_SECRET is used for? Why doesn't it put this value in .env.local (ignored by .gitignore)?
@ramsey If I recall correctly (don't quote me on this), the APP_SECRET is also used for 'remember me' tokens. So if it leaks, you can get into any account.
Which yeah.. It needs to be in .env.local instead at the very least.
This past week I had a problem at DayJob that would’ve been easier to solve if we had adopted the use of repositories that create immutable value objects. Since this is a Laravel project, I was overruled. My first implementation ended up being wrong (found out via production testing) and the fix ended up involving Eloquent mutators.
I still think value objects are the better solution but my boss both disagrees and trolls me about it.
@stefan In itself that's understandable. In Germany, football goes off without major problems, and supporters often sit mixed in with one another. You don't want that kind of well-behaved supporter here. In a case like that you can't even deploy the riot police (ME). Then, as mayor, the fun is quickly gone.