I would like to ask if it''s less secure to grant all privileges in MySQL to the user running the application, instead of having the password in the database.yml file? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
pikz wrote:> I would like to ask if it''s less secure to grant all privileges in > MySQL to the user running the application, instead of having the > password in the database.yml file?I don''t understand this question. The database.yml file specifies both the mysql user and the password for the specified user used to connect to the database. I think what you''re getting at is whether to put the literal password in the database.yml file or store the password separately in a file, which is then stored in a secure location. Then reference that file to get the password. This is often done for the :production settings in the database.yml file. If I remember right this Railscasts episode shows how to do this: http://railscasts.com/episodes/85-yaml-configuration-file -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
hi, Preferrable, give only required access to the user but with a password from MYSQL and use it with the password specified in the database.yml file. You can use the security feature for mentioning your username and password as mentioned by Robert Regards, NAYAK On Thu, Jan 8, 2009 at 1:46 AM, Robert Walker < rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > pikz wrote: > > I would like to ask if it''s less secure to grant all privileges in > > MySQL to the user running the application, instead of having the > > password in the database.yml file? > > I don''t understand this question. The database.yml file specifies both > the mysql user and the password for the specified user used to connect > to the database. > > I think what you''re getting at is whether to put the literal password in > the database.yml file or store the password separately in a file, which > is then stored in a secure location. Then reference that file to get the > password. This is often done for the :production settings in the > database.yml file. > > If I remember right this Railscasts episode shows how to do this: > http://railscasts.com/episodes/85-yaml-configuration-file > -- > Posted via http://www.ruby-forum.com/. > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---