I would like to ask if it's less secure to grant all privileges in MySQL to the user running the application, instead of having the password in the database.yml file?
on 2009-01-07 17:17
on 2009-01-07 21:16
pikz wrote: > I would like to ask if it's less secure to grant all privileges in > MySQL to the user running the application, instead of having the > password in the database.yml file? I don't understand this question. The database.yml file specifies both the mysql user and the password for the specified user used to connect to the database. I think what you're getting at is whether to put the literal password in the database.yml file or store the password separately in a file, which is then stored in a secure location. Then reference that file to get the password. This is often done for the :production settings in the database.yml file. If I remember right this Railscasts episode shows how to do this: http://railscasts.com/episodes/85-yaml-configuration-file
on 2009-01-08 09:41
hi, Preferrable, give only required access to the user but with a password from MYSQL and use it with the password specified in the database.yml file. You can use the security feature for mentioning your username and password as mentioned by Robert Regards, NAYAK On Thu, Jan 8, 2009 at 1:46 AM, Robert Walker <