Commit
Don't provide the password with dbconsole unless explicitly opted in.
Some operating system configurations allow other users to view your process list or environmental variables. This option should not be used on shared hosts.
http://dev.mysql.com/doc/refman/5.0/en/password-security.html
http://www.postgresql.org/docs/8.3/static/libpq-envars.html
0abf0da
The usage string should read “Automatically provide the password from database.yml”
0abf0da
(Usage string fixed on docrails:
http://github.com/lifo/docrails/commit/43334d63844da05f2cde53c4f77c829e582163be )
0abf0da
It is wrong to disable automatic providing of the password. Instead, the way the password is provided might be fixed by using a properly protected temporary options file, given the issue is env variables and command line arguments.
Relying on individual people to obtain and supply the password securely to the remote host only clears Rails from responsibility but opens up more opportunity for error, because we humans are not that reliable.
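
An added example, not part of this commit or of Rails: one way to implement the protected temporary options file suggested in the last comment, shown for the MySQL client. The helper names and the sample configuration are hypothetical; `--defaults-extra-file` is the mysql client's own option and has to come first on the command line.

```ruby
require "tempfile"

# Constructed sample, shaped like one database.yml entry.
SAMPLE_CONFIG = {
  "username" => "app", "password" => "s3cr\\et#1",
  "host" => "localhost", "database" => "app_development"
}.freeze

# Quote a value for a MySQL option file. Double quotes keep '#' from starting
# a comment; backslashes are doubled. Characters whose quoting is easy to get
# wrong are refused (a conservative choice made for this example).
def mysql_option_value(value)
  s = value.to_s
  raise ArgumentError, "unsupported character in option value" if s.match?(/["\r\n\0]/)
  %("#{s.gsub("\\") { "\\\\" }}")
end

# Hypothetical helper: writes the credentials to an owner-only temporary file
# and yields the client argv, so the password is never in argv or the environment.
# The file is removed when the block returns.
def with_mysql_options_file(config)
  Tempfile.create("dbconsole") do |f|
    f.chmod(0600) # Tempfile's default mode, made explicit
    f.write("[client]\n")
    f.write("user=#{mysql_option_value(config["username"])}\n") if config["username"]
    f.write("password=#{mysql_option_value(config["password"])}\n") if config["password"]
    f.flush
    argv = ["mysql", "--defaults-extra-file=#{f.path}"]
    argv << "--host=#{config["host"]}" if config["host"]
    argv << config["database"] if config["database"]
    yield argv, f.path
  end
end

if __FILE__ == $PROGRAM_NAME
  with_mysql_options_file(SAMPLE_CONFIG) do |argv, _path|
    # A real caller would run system(*argv) here, inside the block,
    # so the file still exists while the client reads it.
    puts argv.join(" ")
  end
end
```

The client has to be started with `system` rather than `exec` inside the block; `exec` replaces the Ruby process and the cleanup never runs.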