Plain text passwords in database.yml

Hi All,

It is our corporate security policy to not leave plain text passwords
in text files (such as database.yml).

I would like to roll out a Rails application, but would like to
find another way to connect to MySQL without leaving plain text
passwords in database.yml

Any thoughts?

Thanks,

Brian L.

The only way to accomplish that is to make rails read the password
from the command line when you start the server. Not sure how
difficult that would be, although I would be curious myself.

Chris

database.yml should allow erb style commands like the views do.
So something like this should work:

<% require 'SomePassStuff' %>
development:
  adapter: mysql
  database: jongretar_development
  username: <%= "root" %>
  password: <%= decipher_pass() %>
  host: localhost

Not sure what the most secure way to encode and decode the password
would be. Just wanted to point out the erb’ness of yml.

On 7/21/06, Brian L. wrote:

> Thanks,
>
> Brian L.


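The ERB approach from the reply above, as an added example that is not code from the thread: database.yml is rendered through ERB before YAML parsing, so the password can be pulled from the environment or an owner-only file at load time. `SecretLoader`, `load_db_config`, the `DB_PASSWORD` variable and the sample values are assumptions, and the helper reads a secret rather than deciphering one as `decipher_pass()` would.

```ruby
require 'erb'
require 'yaml'
require 'json'

# Hypothetical helper standing in for the post's decipher_pass().
# It takes the password from the environment, or from a file that only
# its owner can access, and fails closed instead of returning nil.
module SecretLoader
  def self.db_password(env: ENV, path: nil)
    value = env['DB_PASSWORD']
    return value unless value.nil? || value.empty?
    raise 'no DB_PASSWORD set and no secret file configured' if path.nil?

    mode = File.stat(path).mode & 0o777
    # Any group/other permission bit means other accounts can reach it.
    unless (mode & 0o077).zero?
      raise format('%s has mode %o, expected 600 or stricter', path, mode)
    end

    File.read(path).chomp
  end
end

# Constructed database.yml template: no credential is stored in it.
# to_json emits a double-quoted scalar, so characters such as ':' or
# '#' in the password cannot change how the YAML is parsed.
TEMPLATE = <<~YML
  production:
    adapter: mysql
    database: app_production
    username: app
    password: <%= SecretLoader.db_password(env: env, path: secret_path).to_json %>
    host: localhost
YML

# Render the ERB first, then parse the result as YAML. The template
# sees this method's local variables (env, secret_path) via binding.
def load_db_config(template, env:, secret_path: nil)
  YAML.safe_load(ERB.new(template).result(binding))
end

if __FILE__ == $PROGRAM_NAME
  cfg = load_db_config(TEMPLATE, env: { 'DB_PASSWORD' => 'p@ss: #word' })
  # Print everything except the secret itself.
  puts cfg['production'].reject { |key, _| key == 'password' }.inspect
end
```

The secret still has to live somewhere the server process can read at boot; this only moves it out of the text file that gets checked in and copied around.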

On Jul 22, 2006, at 7:50 AM, Brian L. wrote:

> It is our corporate security policy to not leave plain text passwords
> in text files (such as database.yml).

The policy must have exceptions for automated operations, or else every
server reboot would require a human to be present, to provide
application passwords … or at least the decryption passwords for your
encrypted config files :)

> I would like to roll out a Rails application, but would like to
> find another way to connect to MySQL without leaving plain text
> passwords in database.yml

Easy - does your security password disallow accounts that have no
passwords? Then set one up, and leave the password field in
database.yml blank – no more security “problem”.

-jim
