lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Thu, May 29, 2014 at 4:23 PM, Paige DePol <lual@serfnet.org> wrote:
> There are a number of methods to determine the type of operating system without ever touching a server process


Still, it's unwise to expose environment variables, regardless of their content.

There's also nothing wrong in using environment variables as process
configuration.  It's even encouraged by one of the current fads: the
12-factor app style[1]

Typically there are lots of more sensitive data in environment vars.
While it's handy to return to the client while debugging, keeping it
in production is foolish, and asking that other tools don't use them
to 'reduce exposure' is.... (i'll have to check a thesaurus.)


[1]: http://12factor.net/

-- 
Javier