Don't provide the password with dbconsole unless explicitly opted in.

Some operating system configurations allow other users to view your process list or environmental variables. This option should not be used on shared hosts. http://dev.mysql.com/doc/refman/5.0/en/password-security.html http://www.postgresql.org/docs/8.3/static/libpq-envars.html
jfirebaugh · May 31, 2008 · 0abf0da · 0abf0da
1 parent 4e4bcb4
commit 0abf0da
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/railties/lib/commands/dbconsole.rb b/railties/lib/commands/dbconsole.rb
@@ -2,8 +2,13 @@
 require 'yaml'
 require 'optparse'
 
+include_password = false
+
 OptionParser.new do |opt|
-  opt.banner = "Usage: dbconsole [environment]"
+  opt.banner = "Usage: dbconsole [options] [environment]"
+  opt.on("-p", "--include-password", "Automatically provide the database from database.yml") do |v|
+    include_password = true
+  end
   opt.parse!(ARGV)
   abort opt.to_s unless (0..1).include?(ARGV.size)
 end
@@ -31,10 +36,13 @@ def find_cmd(*commands)
     'port'      => '--port',
     'socket'    => '--socket',
     'username'  => '--user',
-    'password'  => '--password',
     'encoding'  => '--default-character-set'
   }.map { |opt, arg| "#{arg}=#{config[opt]}" if config[opt] }.compact
 
+  if config['password'] && include_password
+    args << "--password=#{config['password']}"
+  end
+
   args << config['database']
 
   exec(find_cmd('mysql5', 'mysql'), *args)
@@ -43,7 +51,7 @@ def find_cmd(*commands)
   ENV['PGUSER']     = config["username"] if config["username"]
   ENV['PGHOST']     = config["host"] if config["host"]
   ENV['PGPORT']     = config["port"].to_s if config["port"]
-  ENV['PGPASSWORD'] = config["password"].to_s if config["password"]
+  ENV['PGPASSWORD'] = config["password"].to_s if config["password"] && include_password
   exec(find_cmd('psql'), config["database"])
 
 when "sqlite"