[Gambas-user] Password problem in database connection
Tobias Boege
taboege at gmail.com
Fri Jan 5 01:08:26 CET 2018
On Fri, 05 Jan 2018, Doug Hutcheson wrote:
> On Thu, 2018-01-04 at 15:15 -0400, PICCORO McKAY Lenz wrote:
> > a fool question, if i not have any of those stuff can i still use if
> > i do not decided to store the password? similar problem happened in
> > the pas when gnome-keyring was not available..
> >
> > Lenz McKAY Gerardo (PICCORO)
> > http://qgqlochekone.blogspot.com
> >
> > 2018-01-04 3:41 GMT-04:00 Doug Hutcheson <owlbrudder at gmail.com>:
> > > On Thu, 2018-01-04 at 08:29 +0100, Benoît Minisini wrote:
> > > > Hi,
> > > >
> > > > For information, the IDE use the 'gb.desktop' component for
> > > > storing and
> > > > retrieving password.
> > > >
> > > > The source code is in the "_Desktop_Password.class" file. That
> > > > class
> > > > tries to use the command-line tool associated with the current
> > > > desktop:
> > > > DBus with "KDE", secret-tool with "GNOME", "LXDE", "MATE",
> > > > "XFCE",
> > > > "UNITY" and "CYGWIN".
> > > >
> > > > Regards,
> > > >
> > >
> > > Thanks Benoît. I will have to bone up on secret-tool to see if I
> > > can emulate what your code is doing, but from the command line. I
> > > am pretty sure this is where the problem exists. Your code is
> > > corrctly setting the password in the keyring, so it must be a
> > > problem with retrieving the password again.
> > >
> > > Kind regards,
> > > Doug
> > >
> > >
>
> PICCORO, you can still access a database through code with the password
> 'hard wired', but I do not see how you could use the Connection objects
> without a desktop keyring. I may be wrong - I often am. "8-)
>
You are, unless you are all implicitly talking about the IDE-built-in
Connection features only. I have never used the IDE to manage my
Connections and I don't use my desktop's keyring.
What I do is effectively the same as what the IDE does though: create
a Connection object programmatically and configure it from a Settings
file, except that my file is in the application's configuration
directory (where it belongs, IMHO), and not in the source code directory.
As for the passwords, I've seen a number of programs (maybe I'm only
looking at very old PHP/perl scripts?) which simply save database
passwords in plain text. That's an option. You can also halt the
execution when your program initialises and ask for the password once.
The way I go by default is a password-less login using MariaDB's
auth_socket [1], which requires the application to be on the same
server as the database(!). You connect through a local UNIX socket,
which allows the database server to determine your system account.
By logging in and starting the program as the right system user,
you prove that you are entitled to certain rights in the database,
too, but you keep the password business out of the database layer.
(Of course, by changing the configuration file, the person installing
the software can choose to use a simple SQLite db as well or a password
saved in plain text, provided that the program was made DBMS-agnostic
enough. All this choice is built into the Connection object already
and it should be used, and provided to the person who has to deal with
the program in the end. </digression>)
Regards,
Tobi
[1] https://mariadb.com/kb/en/library/authentication-plugin-unix-socket/
--
"There's an old saying: Don't change anything... ever!" -- Mr. Monk
More information about the User
mailing list