Don't provide the password with dbconsole unless explicitly opted in.

Some operating system configurations allow other users to view your process list
or environmental variables.  This option should not be used on shared hosts.

http://dev.mysql.com/doc/refman/5.0/en/password-security.html
http://www.postgresql.org/docs/8.3/static/libpq-envars.html
1 parent 4e4bcb4 commit 0abf0da0016abc455145810d7060a10e0b56b0b6 @NZKoz NZKoz committed May 31, 2008
Showing with 11 additions and 3 deletions.
  1. +11 −3 railties/lib/commands/dbconsole.rb
@@ -2,8 +2,13 @@
require 'yaml'
require 'optparse'
+include_password = false
+
OptionParser.new do |opt|
- opt.banner = "Usage: dbconsole [environment]"
+ opt.banner = "Usage: dbconsole [options] [environment]"
+ opt.on("-p", "--include-password", "Automatically provide the database from database.yml") do |v|
+ include_password = true
+ end
opt.parse!(ARGV)
abort opt.to_s unless (0..1).include?(ARGV.size)
end
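Review bot: The description passed to opt.on("-p", "--include-password", ...) says "Automatically provide the database from database.yml", but the option controls the password, so it should read "provide the password from database.yml". The block parameter |v| is unused and can be dropped. The commit message warns that this option should not be used on shared hosts; repeating that caveat in the option description would put it where users actually see it.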
@@ -31,10 +36,13 @@ def find_cmd(*commands)
'port' => '--port',
'socket' => '--socket',
'username' => '--user',
- 'password' => '--password',
'encoding' => '--default-character-set'
}.map { |opt, arg| "#{arg}=#{config[opt]}" if config[opt] }.compact
+ if config['password'] && include_password
+ args << "--password=#{config['password']}"
+ end
+
args << config['database']
exec(find_cmd('mysql5', 'mysql'), *args)
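Review bot: The new `if config['password'] && include_password` block has no branch for a configured password without -p, so in that case mysql is started with no password option at all and, unless an option file supplies one, attempts the connection without a password instead of asking for it. Appending a bare `-p` there (args << "-p") makes the client prompt. When dbconsole is run with -p, `--password=#{config['password']}` still puts the secret into the argument list handed to exec, which is the process-list exposure the commit message describes; a comment at that line saying so would help later readers.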
@@ -43,7 +51,7 @@ def find_cmd(*commands)
ENV['PGUSER'] = config["username"] if config["username"]
ENV['PGHOST'] = config["host"] if config["host"]
ENV['PGPORT'] = config["port"].to_s if config["port"]
- ENV['PGPASSWORD'] = config["password"].to_s if config["password"]
+ ENV['PGPASSWORD'] = config["password"].to_s if config["password"] && include_password
exec(find_cmd('psql'), config["database"])
when "sqlite"
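Review bot: On the changed ENV['PGPASSWORD'] line, the opt-in path still hands the password to psql through the environment, which the commit message names as viewable by other users on some operating system configurations. A short comment at that line stating the trade-off, or a pointer to a password file (~/.pgpass) as the alternative, would make the reason for the `&& include_password` guard clear to whoever edits this next.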

2 comments on commit 0abf0da

@drothlis

The usage string should read “Automatically provide the password from database.yml”

@drothlis

(Usage string fixed on docrails:
http://github.com/lifo/docrails/commit/43334d63844da05f2cde53c4f77c829e582163be )