Hi All,

It is our corporate security policy to not leave plain text passwords in text files (such as database.yml).

I would like to roll out a Rails application, but would like to find another way to connect to MySQL without leaving plain text passwords in database.yml.

Any thoughts?

Thanks,

Brian Long
The only way to accomplish that is to make rails read the password from the command line when you start the server. Not sure how difficult that would be, although I would be curious myself.

Chris

On 7/21/06, Brian Long <brian.long@firstmoversadvantage.com> wrote:
> Hi All,
>
> It is our corporate security policy to not leave plain text passwords
> in text files (such as database.yml).
>
> I would like to roll out a Rails application, but would like to
> find another way to connect to MySQL without leaving plain text
> passwords in database.yml
>
> Any thoughts?
>
> Thanks,
>
> Brian Long
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
Jon Gretar Borgthorsson
2006-Jul-21 20:08 UTC
[Rails] Plain text passwords in database.yml
database.yml should allow erb style commands like the views do. So something like this should work:

    <% require 'SomePassStuff' %>
    development:
      adapter: mysql
      database: jongretar_development
      username: <%= "root" %>
      password: <%= decipher_pass() %>
      host: localhost

Not sure what the most secure way to encode and decode the password would be. Just wanted to point out the erb'ness of yml.

On 7/21/06, Brian Long <brian.long@firstmoversadvantage.com> wrote:
> Hi All,
>
> It is our corporate security policy to not leave plain text passwords
> in text files (such as database.yml).
>
> I would like to roll out a Rails application, but would like to
> find another way to connect to MySQL without leaving plain text
> passwords in database.yml
>
> Any thoughts?
>
> Thanks,
>
> Brian Long

--
--------------
Jon Gretar Borgthorsson
http://www.jongretar.net/
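Added example (not part of Jon's message or of Rails itself): the ERB-then-YAML rendering described above, done with Ruby's standard library, taking the password from an environment variable or an owner-only file instead of a literal in the config. The names `db_password`, `load_db_config`, `APP_DB_PASSWORD` and the sample template are assumptions made for this illustration.

```ruby
require 'erb'
require 'json'
require 'yaml'

# Hypothetical helper (not a Rails API): take the password from the
# environment, else from a secret file that only its owner can access.
def db_password(env: ENV, file: nil)
  from_env = env['APP_DB_PASSWORD']            # assumed variable name
  return from_env unless from_env.nil? || from_env.empty?
  raise 'no database password source configured' if file.nil?

  mode = File.stat(file).mode & 0o777
  unless (mode & 0o077).zero?
    raise format('%s is accessible by group/other (mode %o)', file, mode)
  end
  File.read(file).chomp
end

# Constructed stand-in for config/database.yml; no password literal in it.
# to_json quotes the value so characters such as ':' or '#' survive YAML.
TEMPLATE = <<~YML
  development:
    adapter: mysql
    database: example_development
    username: root
    password: <%= db_password(env: env, file: secret_file).to_json %>
    host: localhost
YML

# Render the ERB tags first, then parse the result as YAML.
def load_db_config(template, env: ENV, secret_file: nil)
  YAML.safe_load(ERB.new(template).result(binding))
end

if __FILE__ == $PROGRAM_NAME
  cfg = load_db_config(TEMPLATE, env: { 'APP_DB_PASSWORD' => 'constructed-sample' })
  puts cfg['development'].keys.join(', ')      # print keys only, never the secret
end
```

The secret still exists somewhere on the host; what changes is that it is no longer in the config file itself, and the file fallback refuses a secret that group or other users can access.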
On Jul 22, 2006, at 7:50 AM, Brian Long wrote:
> It is our corporate security policy to not leave plain text passwords
> in text files (such as database.yml).

The policy must have exceptions for automated operations, or else every server reboot would require a human to be present, to provide application passwords ... or at least the decryption passwords for your encrypted config files :-)

> I would like to roll out a Rails application, but would like to
> find another way to connect to MySQL without leaving plain text
> passwords in database.yml

Easy - does your security password disallow accounts that have no passwords? Then set one up, and leave the password field in database.yml blank -- no more security "problem".

-jim