Changes between Initial Version and Version 1 of Ticket #57


Timestamp: Mar 9, 2008, 12:36:08 AM (16 years ago)
Author: price
Comment:

Eric writes:

I was shocked today to find out that the scripts autoinstalls don't read the SQL password from ~/.sql/my.cnf, but instead copy the password from there into their own directories without telling the user.

The current state is misleading -- the autoinstaller doesn't ask for the password, and I assumed the autoinstall would do the same thing as the autoinstaller -- and leads to a couple bad consequences:

  • It changes the security of my SQL password without telling me. Suppose I want my website's code to be readable by foo-discuss, and writable by foo-request. I would set web_scripts/ to be readable by foo-discuss, and .sql/ only readable by foo-request. When I autoinstall something, all my SQL databases suddenly become writable by foo-discuss and _I wouldn't realize it_.

The autoinstallers hard-code dropping privilege in the special case of "foo-discuss" being system:{any,auth}user, but that's cold comfort. When I decide to make all my web_scripts anyuser readable, it might not occur to me that some program I ran once that never mentioned SQL at all would expose my SQL password, jeopardizing databases that I care about.

  • When I change my SQL password, my autoinstalls stop working. I won't check that they work for some time, and users in the meantime likely won't report the outage.

How hard can it be to change configuration lines from

$password='passwd'

to

$password=`sed -n s/^password=//p ~/.sql/my.cnf | tr -d '\n'` ?

And if fixing it is difficult, could you at least warn the user at install time that you're spewing his SQL password around?

Thanks, Eric

  • Ticket #57

    • Property Component changed from web to autoinstallers
  • Ticket #57 – Description

    initial  v1
    1        1   The autoinstallers should be modified to read the SQL username and password from .my.cnf, and the SQL database name from a configuration file with a common format in the autoinstall directory (so that we can make scripts-remove work, and transfers between accounts easier).
             2
             3   In particular, the status quo of copying the password into the autoinstall means a (now only nearly) silent breach of the SQL database's security in the case where the locker has a couple of ACLs of different sizes -- anyone who can read the autoinstalled software's code can get the password, which the user may not expect.
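
One way to audit for the copied-password condition this ticket describes, as an added example that is not part of the ticket or of the scripts autoinstallers: it reads the password from a my.cnf-style file and lists every file under a web tree that embeds it as a literal. The function names are hypothetical, the paths in the usage comment are the ones named in the comment above, and GNU grep is assumed for `-r` and `-f -`.

```shell
#!/bin/sh
# Added example: find copies of the SQL password inside a web tree.
# Function names are hypothetical; GNU grep is assumed.
# Usage: find_password_copies ~/.sql/my.cnf ~/web_scripts

# Print the password from a my.cnf-style file (first "password=" line),
# tolerating spaces around "=" and optional surrounding quotes.
mycnf_password() {
    sed -n 's/^[[:space:]]*password[[:space:]]*=[[:space:]]*//p' "$1" |
        head -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# List every file under $2 that contains the password from $1 as a literal.
# The password reaches grep on stdin (-f -), never as a command-line
# argument, so it does not appear in the process list while the scan runs.
# Exit status: 0 = copies found, 1 = none found, 2 = no password in $1.
find_password_copies() {
    pw=$(mycnf_password "$1")
    [ -n "$pw" ] || return 2
    hits=$(printf '%s\n' "$pw" | grep -rlF -f - -- "$2" | sort)
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}
```

Each path it prints is a file whose readers can recover the SQL password, so its directory ACL needs to be at least as tight as the one on .sql/.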