Forum: Ruby on Rails Database.yml password and security

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
868b7ab5ae25ed816ebe790a4993e305?d=identicon&s=25 pikz (Guest)
on 2009-01-07 17:17
(Received via mailing list)
I would like to ask if it's less secure to grant all privileges in
MySQL to the user running the application, instead of having the
password in the database.yml file?
280b78a61a968391b7e07e912be102a8?d=identicon&s=25 Robert Walker (robert4723)
on 2009-01-07 21:16
pikz wrote:
> I would like to ask if it's less secure to grant all privileges in
> MySQL to the user running the application, instead of having the
> password in the database.yml file?

I don't understand this question. The database.yml file specifies both
the mysql user and the password for the specified user used to connect
to the database.

I think what you're getting at is whether to put the literal password in
the database.yml file or store the password separately in a file, which
is then stored in a secure location. Then reference that file to get the
password. This is often done for the :production settings in the
database.yml file.

If I remember right this Railscasts episode shows how to do this:
http://railscasts.com/episodes/85-yaml-configuration-file
9cf6e7f81d4339295b86e5fb7d7df49b?d=identicon&s=25 Vishwanath Nayak (nayak)
on 2009-01-08 09:41
(Received via mailing list)
hi,

Preferrable, give only required access to the user but with a password
from
MYSQL and use it with the password specified in the database.yml file.
You
can use the security feature for mentioning your username and password
as
mentioned by Robert

Regards,
NAYAK

On Thu, Jan 8, 2009 at 1:46 AM, Robert Walker <
This topic is locked and can not be replied to.