[Gambas-user] Password problem in database connection

Fri Jan 5 01:22:09 CET 2018

On Fri, 2018-01-05 at 01:08 +0100, Tobias Boege wrote:
> On Fri, 05 Jan 2018, Doug Hutcheson wrote:
> > On Thu, 2018-01-04 at 15:15 -0400, PICCORO McKAY Lenz wrote:
> > > a fool question, if i not have any of those stuff can i still use
> > > if
> > > i do not decided to store the password? similar problem happened
> > > in
> > > the pas when gnome-keyring was not available..
> > > 
> > > Lenz McKAY Gerardo (PICCORO)
> > > http://qgqlochekone.blogspot.com
> > > 
> > > 2018-01-04 3:41 GMT-04:00 Doug Hutcheson <owlbrudder at gmail.com>:
> > > > On Thu, 2018-01-04 at 08:29 +0100, Benoît Minisini wrote:
> > > > > Hi,
> > > > > 
> > > > > For information, the IDE use the 'gb.desktop' component for
> > > > > storing and 
> > > > > retrieving password.
> > > > > 
> > > > > The source code is in the "_Desktop_Password.class" file.
> > > > > That
> > > > > class 
> > > > > tries to use the command-line tool associated with the
> > > > > current
> > > > > desktop: 
> > > > > DBus with "KDE", secret-tool with "GNOME", "LXDE", "MATE",
> > > > > "XFCE", 
> > > > > "UNITY" and "CYGWIN".
> > > > > 
> > > > > Regards,
> > > > > 
> > > > 
> > > > Thanks Benoît. I will have to bone up on secret-tool to see if
> > > > I
> > > > can emulate what your code is doing, but from the command line.
> > > > I
> > > > am pretty sure this is where the problem exists. Your code is
> > > > corrctly setting the password in the keyring, so it must be a
> > > > problem with retrieving the password again.
> > > > 
> > > > Kind regards,
> > > > Doug
> > > > 
> > > > 
> > 
> > PICCORO, you can still access a database through code with the
> > password
> > 'hard wired', but I do not see how you could use the Connection
> > objects
> > without a desktop keyring. I may be wrong - I often am.   "8-)
> > 
> 
> You are, unless you are all implicitly talking about the IDE-built-in
> Connection features only. I have never used the IDE to manage my
> Connections and I don't use my desktop's keyring.
> 
> What I do is effectively the same as what the IDE does though: create
> a Connection object programmatically and configure it from a Settings
> file, except that my file is in the application's configuration
> directory (where it belongs, IMHO), and not in the source code
> directory.
> 
> As for the passwords, I've seen a number of programs (maybe I'm only
> looking at very old PHP/perl scripts?) which simply save database
> passwords in plain text. That's an option. You can also halt the
> execution when your program initialises and ask for the password
> once.
> 
> The way I go by default is a password-less login using MariaDB's
> auth_socket [1], which requires the application to be on the same
> server as the database(!). You connect through a local UNIX socket,
> which allows the database server to determine your system account.
> By logging in and starting the program as the right system user,
> you prove that you are entitled to certain rights in the database,
> too, but you keep the password business out of the database layer.
> 
> (Of course, by changing the configuration file, the person installing
> the software can choose to use a simple SQLite db as well or a
> password
> saved in plain text, provided that the program was made DBMS-agnostic
> enough. All this choice is built into the Connection object already
> and it should be used, and provided to the person who has to deal
> with
> the program in the end. </digression>)
> 
> Regards,
> Tobi
> 
> [1] https://mariadb.com/kb/en/library/authentication-plugin-unix-sock
> et/
> 
> 
That is sound advice, Tobi. I was expecting to be able to use the IDE
Connection tool because it was there and I assumed it was the correct
way to go.   "8-)

I will now examine the Connection object and see if it allows me to use
it for data-aware controls - I assume it does.

Many thanks for your input.

Kind regards,
Doug