[development] Temporary database credentials
Allie Micka
allie at pajunas.com
Wed Jan 25 19:07:23 UTC 2006
On Jan 24, 2006, at 2:48 PM, Moshe Weitzman wrote:
>> It would be nice to have a place to enter some temporary
>> credentials, stored in $_SESSION and disposed of when the user
>> logs out.
>
>
> Interesting. Perhaps we should let users specify a different
> $db_url in settings.php that is used while updating. If not
> specified, we use the usual $db_url. How about this pseudo-code in
> update.php?
>
> global $user, $db_url, $db_url_updating;
> if ($user->uid == 1) {
>   $db_url = $db_url_updating;
> }

It's an OK workaround, but I'd rather see fields where users can
optionally supply a username/password. In our case, multiple people
have admin rights on a db, and it would be bad form for one of them
to hard-code their creds. You could add this to the update.php page,
but it's not very globally reusable from there.

More importantly, the settings.php route doesn't protect you if
someone can view that file in some way. Ideally, there should be no
place where admin creds are permanently stored.

One approach might be to create a "supply administrative credentials"
permission. Then, when a page/module needs to do advanced stuff, it
would use some sort of db_escalate function:

function db_escalate($rights) {
  if (!user_access('supply administrative credentials')) return;
  // if current db connection has appropriate $rights, return
  // if new username/password have been supplied, add to $_SESSION
  // if isset($_SESSION['username']) and isset($_SESSION['password']),
  //   reconnect to the db
  // return form for changing creds, populated with $_SESSION
}

Each advanced-rights page would show a new creds box, and the
supplied creds would persist through that user's session. The
function could also notify Drupal that the present connection won't
work, and things might be disabled appropriately.
Allie Micka
pajunas interactive, inc.
http://www.pajunas.com
scalable web hosting and open source strategies
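
The session-scoped credential flow sketched in the message above, as an added example written for current PHP; it is not code from the thread or from Drupal. All names (`CRED_KEY`, `db_deescalate`, the `$connect` callable, the status strings) are hypothetical, the check of the current connection's rights is left out, and the demo uses a constructed stub connector and constructed credentials so it runs without a database.

```php
<?php
// Added illustration; every name here is hypothetical, none is Drupal API.
const CRED_KEY = 'db_admin_creds';

// $connect is any callable (user, pass) that returns a connection or throws,
// for example: fn($u, $p) => new PDO($dsn, $u, $p)  (PDO throws PDOException).
function db_escalate(array &$session, bool $may_supply, ?array $submitted, callable $connect): array {
  if (!$may_supply) {
    return ['status' => 'denied'];           // user lacks the permission
  }
  if ($submitted !== null) {
    // Newly supplied credentials replace whatever the session held.
    $session[CRED_KEY] = ['user' => $submitted['user'], 'pass' => $submitted['pass']];
  }
  if (!isset($session[CRED_KEY])) {
    return ['status' => 'need_credentials']; // caller shows the creds form
  }
  try {
    $db = $connect($session[CRED_KEY]['user'], $session[CRED_KEY]['pass']);
  } catch (Exception $e) {
    unset($session[CRED_KEY]);               // do not keep credentials that failed
    return ['status' => 'need_credentials'];
  }
  return ['status' => 'ok', 'db' => $db];
}

// Call from the logout handler so the credentials do not outlive the login.
function db_deescalate(array &$session): void {
  unset($session[CRED_KEY]);
}

// Constructed demo: a stub connector stands in for the real database.
$stub = function (string $user, string $pass) {
  if ($user !== 'dbadmin' || $pass !== 'example-only') {
    throw new RuntimeException('access denied');
  }
  return "connection as $user";
};
$session = []; // stands in for $_SESSION
echo db_escalate($session, true, null, $stub)['status'], "\n";
echo db_escalate($session, true, ['user' => 'dbadmin', 'pass' => 'wrong'], $stub)['status'], "\n";
echo db_escalate($session, true, ['user' => 'dbadmin', 'pass' => 'example-only'], $stub)['status'], "\n";
echo db_escalate($session, true, null, $stub)['status'], "\n"; // reuses the session's creds
db_deescalate($session);
echo db_escalate($session, true, null, $stub)['status'], "\n";
echo db_escalate($session, false, null, $stub)['status'], "\n";
```

Whatever is put in `$_SESSION` is written to the session store for the life of the session (Drupal keeps sessions in its `sessions` database table), so the password is still stored at rest until logout removes it.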