Database.yml password and security


#1

I would like to ask if it’s less secure to grant all privileges in
MySQL to the user running the application, instead of having the
password in the database.yml file?


#2

pikz wrote:

I would like to ask if it’s less secure to grant all privileges in
MySQL to the user running the application, instead of having the
password in the database.yml file?

I don’t understand this question. The database.yml file specifies both
the mysql user and the password for the specified user used to connect
to the database.

I think what you’re getting at is whether to put the literal password in
the database.yml file or store the password separately in a file, which
is then stored in a secure location. Then reference that file to get the
password. This is often done for the :production settings in the
database.yml file.

If I remember right this Railscasts episode shows how to do this:
http://railscasts.com/episodes/85-yaml-configuration-file
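
The approach described in the reply above (the production password kept in a separate, access-restricted file and referenced from database.yml), as an added example that is not code from this thread or from the Railscasts episode. The helper names `read_secret` and `load_db_config`, the file names and all sample values are assumptions made for illustration.

```ruby
require "erb"
require "json"
require "yaml"
require "tmpdir"

# Hypothetical helper: read a secret, refusing files that group/other can access.
def read_secret(path)
  mode = File.stat(path).mode & 0o777
  unless (mode & 0o077).zero?
    raise SecurityError, format("%s has mode %04o; expected 0600 or stricter", path, mode)
  end
  File.read(path).strip
end

# Hypothetical helper: render database.yml through ERB (Rails also runs this
# file through ERB) and return the settings for one environment.
def load_db_config(yaml_path, env)
  rendered = ERB.new(File.read(yaml_path)).result(binding)
  YAML.safe_load(rendered).fetch(env)
end

# Constructed demo: temporary files stand in for the real config and secret.
def demo
  Dir.mktmpdir do |dir|
    secret = File.join(dir, "db_password")
    File.write(secret, "constructed-sample-password\n")
    File.chmod(0o600, secret)
    config = File.join(dir, "database.yml")
    # to_json emits a quoted scalar, so special characters cannot break the YAML.
    File.write(config, <<~YAML)
      production:
        adapter: mysql
        database: app_production
        username: app_user
        password: <%= read_secret(#{secret.inspect}).to_json %>
    YAML
    settings = load_db_config(config, "production")
    File.chmod(0o644, secret) # loosen the permissions: the load must now fail
    rejected = begin
      load_db_config(config, "production")
      false
    rescue SecurityError
      true
    end
    [settings, rejected]
  end
end

settings, rejected = demo if __FILE__ == $PROGRAM_NAME
puts "user=#{settings['username']} loose-file rejected=#{rejected}" if settings
```

With this layout database.yml can be committed to version control, while the secret file stays outside the repository and is readable only by the account that runs the application.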


#3

hi,

Preferably, give only required access to the user but with a password
from MySQL and use it with the password specified in the database.yml
file. You can use the security feature for mentioning your username and
password as mentioned by Robert.

Regards,
NAYAK

On Thu, Jan 8, 2009 at 1:46 AM, Robert W. <