[development] Temporary database credentials

Kieran Lal kieran at civicspacelabs.org
Tue Jan 24 19:19:09 UTC 2006

On Jan 24, 2006, at 10:33 AM, Allie Micka wrote:

> Like many hosting providers, we grant full access to databases for  
> site administrators, and we create a separate, rights-limited user  
> for each database.
> This is a great idea until it's time to run update.php.   It really  
> should detect that I don't have DROP, ALTER, etc; but instead it  
> just fails badly.
> What I've been doing is editing settings.php to replace the  
> credentials in $db_url, running update.php, and then re-editing the  
> file.  I'm sure that most of our users are just leaving things as- 
> is, which is bad for many reasons.
> It would be nice to have a place to enter some temporary  
> credentials, stored in $_SESSION and disposed of when the user logs  
> out.
> a) Is this in-progress someplace?
> b) Anybody have UI suggestions for this?  It could just go into  
> update.php, but may have use elsewhere.

I am definitely interested in this.  With the latest release  
candidate for CivicSpace we have now included security checks on  
configuration files to ensure that files written to in the  
installation should now be locked down on the webserver.

It would make sense to evolve these same sorts of protections for  
update.php. No ideas on implementation, but interested in continuing  
the conversation to make this happen.

> Allie Micka
> pajunas interactive, inc.
> http://www.pajunas.com
> scalable web hosting and open source strategies

More information about the development mailing list