From 0abf0da0016abc455145810d7060a10e0b56b0b6 Mon Sep 17 00:00:00 2001 From: Michael Koziarski Date: Sat, 31 May 2008 14:58:34 -0700 Subject: Don't provide the password with dbconsole unless explicitly opted in. Some operating system configurations allow other users to view your process list or environmental variables. This option should not be used on shared hosts. http://dev.mysql.com/doc/refman/5.0/en/password-security.html http://www.postgresql.org/docs/8.3/static/libpq-envars.html --- railties/lib/commands/dbconsole.rb | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'railties') diff --git a/railties/lib/commands/dbconsole.rb b/railties/lib/commands/dbconsole.rb index b81997aa59..17acb7b68f 100644 --- a/railties/lib/commands/dbconsole.rb +++ b/railties/lib/commands/dbconsole.rb @@ -2,8 +2,13 @@ require 'erb' require 'yaml' require 'optparse' +include_password = false + OptionParser.new do |opt| - opt.banner = "Usage: dbconsole [environment]" + opt.banner = "Usage: dbconsole [options] [environment]" + opt.on("-p", "--include-password", "Automatically provide the database from database.yml") do |v| + include_password = true + end opt.parse!(ARGV) abort opt.to_s unless (0..1).include?(ARGV.size) end @@ -31,10 +36,13 @@ when "mysql" 'port' => '--port', 'socket' => '--socket', 'username' => '--user', - 'password' => '--password', 'encoding' => '--default-character-set' }.map { |opt, arg| "#{arg}=#{config[opt]}" if config[opt] }.compact + if config['password'] && include_password + args << "--password=#{config['password']}" + end + args << config['database'] exec(find_cmd('mysql5', 'mysql'), *args) @@ -43,7 +51,7 @@ when "postgresql" ENV['PGUSER'] = config["username"] if config["username"] ENV['PGHOST'] = config["host"] if config["host"] ENV['PGPORT'] = config["port"].to_s if config["port"] - ENV['PGPASSWORD'] = config["password"].to_s if config["password"] + ENV['PGPASSWORD'] = config["password"].to_s if config["password"] && include_password exec(find_cmd('psql'), config["database"]) when "sqlite" -- cgit v1.2.3 From 3a9775076fc4f99f8d7ad9a554a9ef8798c8fad7 Mon Sep 17 00:00:00 2001 From: Joshua Peek Date: Sat, 31 May 2008 15:32:51 -0700 Subject: Removed suggestion for turning off partial updates. --- railties/environments/environment.rb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'railties') diff --git a/railties/environments/environment.rb b/railties/environments/environment.rb index 468fa45ef6..a85ade371b 100644 --- a/railties/environments/environment.rb +++ b/railties/environments/environment.rb @@ -64,7 +64,4 @@ Rails::Initializer.run do |config| # Activate observers that should always be running # config.active_record.observers = :cacher, :garbage_collector - - # Make ActiveRecord only save the attributes that have changed since the record was loaded. - # config.active_record.partial_updates = true -end \ No newline at end of file +end -- cgit v1.2.3