From 0abf0da0016abc455145810d7060a10e0b56b0b6 Mon Sep 17 00:00:00 2001
From: Michael Koziarski
Date: Sat, 31 May 2008 14:58:34 -0700
Subject: Don't provide the password with dbconsole unless explicitly opted in.
Some operating system configurations allow other users to view your process list or environmental variables. This option should not be used on shared hosts.
http://dev.mysql.com/doc/refman/5.0/en/password-security.html
http://www.postgresql.org/docs/8.3/static/libpq-envars.html
---
 railties/lib/commands/dbconsole.rb | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/railties/lib/commands/dbconsole.rb b/railties/lib/commands/dbconsole.rb
index b81997aa59..17acb7b68f 100644
--- a/railties/lib/commands/dbconsole.rb
+++ b/railties/lib/commands/dbconsole.rb
@@ -2,8 +2,13 @@ require 'erb'
 require 'yaml'
 require 'optparse'
+include_password = false
+
 OptionParser.new do |opt|
- opt.banner = "Usage: dbconsole [environment]"
+ opt.banner = "Usage: dbconsole [options] [environment]"
+ opt.on("-p", "--include-password", "Automatically provide the database from database.yml") do |v|
+ include_password = true
+ end
 opt.parse!(ARGV)
 abort opt.to_s unless (0..1).include?(ARGV.size)
 end
@@ -31,10 +36,13 @@ when "mysql"
 'port' => '--port',
 'socket' => '--socket',
 'username' => '--user',
- 'password' => '--password',
 'encoding' => '--default-character-set'
 }.map { |opt, arg| "#{arg}=#{config[opt]}" if config[opt] }.compact
+ if config['password'] && include_password
+ args << "--password=#{config['password']}"
+ end
+
 args << config['database']
 exec(find_cmd('mysql5', 'mysql'), *args)
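Review bot: The help string on the added `opt.on("-p", "--include-password", ...)` line says "Automatically provide the database from database.yml", but the flag controls the password, so `dbconsole --help` will mislead; it should read `"Automatically provide the password from database.yml"`. The block parameter `|v|` is never used and can be dropped. Because the commit message warns against using the option on shared hosts, a short mention of that in the help text would put the warning where users actually see it.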
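Review bot: When `--include-password` is not given, the new `if` in the mysql branch passes no password option at all, and the mysql client only prompts when `-p`/`--password` is present without a value, so a database that needs a password will most likely be refused rather than prompted for (unless an option file supplies it). Adding `elsif config['password']` followed by `args << "-p"` keeps the secret off the command line while still letting the user type it. On the opt-in path the value is still placed in argv, as the commit message acknowledges; a follow-up could hand it over in a user-only option file via `--defaults-extra-file` instead. The `when "mysql"` branch begins before this hunk.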
@@ -43,7 +51,7 @@ when "postgresql"
 ENV['PGUSER'] = config["username"] if config["username"]
 ENV['PGHOST'] = config["host"] if config["host"]
 ENV['PGPORT'] = config["port"].to_s if config["port"]
- ENV['PGPASSWORD'] = config["password"].to_s if config["password"]
+ ENV['PGPASSWORD'] = config["password"].to_s if config["password"] && include_password
 exec(find_cmd('psql'), config["database"])
 when "sqlite"
-- cgit v1.2.3
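Review bot: The changed `ENV['PGPASSWORD']` line has no comment explaining why it is gated, and a later cleanup could easily drop `&& include_password` as redundant. I would add something like `# PGPASSWORD may be readable by other local users on some systems; only export it on explicit opt-in (prefer ~/.pgpass)` above it, since the libpq page linked in the commit message recommends a password file over this variable. Unlike the mysql branch, no prompt fallback is needed here, because psql asks for a password by itself when the server requires one. The `when "postgresql"` branch starts outside this hunk.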