[development] Temporary database credentials
Kieran Lal
kieran at civicspacelabs.org
Tue Jan 24 19:19:09 UTC 2006
On Jan 24, 2006, at 10:33 AM, Allie Micka wrote:
> Like many hosting providers, we grant full access to databases for
> site administrators, and we create a separate, rights-limited user
> for each database.
>
> This is a great idea until it's time to run update.php. It really
> should detect that I don't have DROP, ALTER, etc; but instead it
> just fails badly.
>
> What I've been doing is editing settings.php to replace the
> credentials in $db_url, running update.php, and then re-editing the
> file. I'm sure that most of our users are just leaving things as-
> is, which is bad for many reasons.
>
> It would be nice to have a place to enter some temporary
> credentials, stored in $_SESSION and disposed of when the user logs
> out.
>
> a) Is this in-progress someplace?
> b) Anybody have UI suggestions for this? It could just go into
> update.php, but may have use elsewhere.
I am definitely interested in this. With the latest release
candidate for CivicSpace we have now included security checks on
configuration files to ensure that files written to in the
installation should now be locked down on the webserver.
It would make sense to evolve these same sorts of protections for
update.php. No ideas on implementation, but interested in continuing
the conversation to make this happen.
Cheers,
Kieran
>
>
> Allie Micka
> pajunas interactive, inc.
> http://www.pajunas.com
>
> scalable web hosting and open source strategies
>
>
More information about the development
mailing list