
Re: Keeping MySQL connection parameters in a safe place

by gmax (Abbot)
on Dec 27, 2005 at 16:26 UTC (#519356)


in reply to Keeping MySQL connection parameters in a safe place

One more trick usable with DBD::mysql is mysql_read_default_group, an option to have a configuration file with credentials for different applications.

First, you need to create a configuration file, with different [label]s.

    # $HOME/.my.cnf
    # Here are some general options
    [client]
    socket=/tmp/mysql.sock
    port=3306

    # the following are specific to each application
    [mysqldump]
    user=dumpuser
    password=not_my_pwd

    [backup]
    user=bkpuser
    password=not_my_real_one

    [usage]
    user=simpleguy
    password=not_this_one

    [readonly]
    user=poorguy
    password=don_t_try_it

    [myapp]
    user=specialguy
    password=something_different

Then, in your code you can refer to such labels this way:

    use DBI;

    # user and password are undef: they come from the [myapp] group
    my $dbh = DBI->connect("DBI:mysql:test"
                . ";mysql_read_default_file=$ENV{HOME}/.my.cnf"
                . ';mysql_read_default_group=myapp',
                undef,
                undef
                ) or die "something went wrong ($DBI::errstr)";

This code will use the label [myapp] from the file $ENV{HOME}/.my.cnf.

To use a backup application, replace myapp with backup in the above code and your application will use that username and password under [backup].

You can also use this trick to test the same application with different users having different access profiles. (Update. - I mean database users, not O.S. users)

    use DBI;

    # first command-line argument selects the group; defaults to [usage]
    my $profile = shift || 'usage';
    my $dbh = DBI->connect("DBI:mysql:test"
                . ";mysql_read_default_file=$ENV{HOME}/.my.cnf"
                . ";mysql_read_default_group=$profile",
                undef,
                undef
                ) or die "something went wrong ($DBI::errstr)";

BTW, the article you were referring to is mine, also published in my blog.

Update - While mysql_read_default_file adds to security, because you won't leave your password hardcoded in your script and you can store it outside the document tree in web applications, using mysql_read_default_group is only a matter of convenience. Using it does not add to security, but just to tidiness.

 _  _ _  _  
(_|| | |(_|><
 _|   


Re^2: Keeping MySQL connection parameters in a safe place
by dragonchild (Archbishop) on Dec 27, 2005 at 18:20 UTC
    Doesn't the user the app runs under still have to have read access to the file or does the mysql user have to have read access to the file? I'm wondering where the additional safety benefits are coming in over using your own config file.

    My criteria for good software:
    1. Does it work?
    2. Can someone else come in, make a change, and be reasonably certain no bugs were introduced?
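
An added example, not part of either post above and not gmax's code: the option file holds plaintext passwords and has to be readable by the account the script runs as, so the script can refuse to use it unless it is a regular file owned by that account with no group or world permission bits, and accept only a profile label that actually exists in the file. The helper names check_option_file and option_groups are hypothetical; the file path, database name and default profile are the ones used in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use Fcntl ':mode';    # S_ISREG, S_IMODE, S_IRWXG, S_IRWXO

# Hypothetical helper: refuse an option file that other accounts could read or replace.
sub check_option_file {
    my ($path) = @_;
    my @st = stat($path) or die "cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];
    die "$path is not a regular file\n" unless S_ISREG($mode);
    die "$path is not owned by the current user\n" unless $uid == $>;
    die sprintf("%s has mode %04o; expected 0600 or stricter\n", $path, S_IMODE($mode))
        if $mode & (S_IRWXG | S_IRWXO);
    return 1;
}

# Hypothetical helper: collect the [group] labels defined in the option file.
sub option_groups {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot open $path: $!\n";
    my %groups;
    while (my $line = <$fh>) {
        $groups{$1} = 1 if $line =~ /^\s*\[([^\]]+)\]\s*$/;
    }
    close $fh;
    return \%groups;
}

my $cnf     = "$ENV{HOME}/.my.cnf";
my $profile = shift || 'usage';

check_option_file($cnf);

# The profile is interpolated into the DSN, where ';' separates attributes,
# so accept only a plain label that is really defined in the file.
die "invalid profile name\n" unless $profile =~ /\A\w+\z/;
die "no [$profile] group in $cnf\n" unless option_groups($cnf)->{$profile};

my $dbh = DBI->connect(
    "DBI:mysql:test;mysql_read_default_file=$cnf;mysql_read_default_group=$profile",
    undef, undef,
) or die "something went wrong ($DBI::errstr)";
```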
