On 4/26/05 9:03, "Rudy Lippan" <[EMAIL PROTECTED]> wrote:
> On Mon, 25 Apr 2005, James D. White wrote:
>
>> I have a couple of suggested patches for DBD::mysql. These patches were
>> based upon
>> DBD-mysql-2.9006.
>>
>> The first patch is to correct a typo in "t/lib.pl".
>> 47c47
>> < $::test_password = $::test_passowrd || $ENV{'DBI_PASS'} || '';
>> ---
>>> $::test_password = $::test_password || $ENV{'DBI_PASS'} || '';
>>
>> The second patch is a change to Makefile.PL so that is creates a modified
>> "t/mysql.mtest".
>> 129c129
>> < "\$::test_user = \$opt->{'testuser'};\n" .
>> ---
>>> "\$::test_user = \$opt->{'testuser'} if \$opt->{'testuser'};\n"
>>> .
>> 131c131
>> < "\$::test_password = \$opt->{'testpassword'};\n" .
>> ---
>>> "\$::test_password = \$opt->{'testpassword'} if
>>> \$opt->{'testpassword'};\n" .
>> 133,135c133,135
>> < "\$::test_dsn = \"DBI:mysql:\$::test_db\";\n" .
>> < "\$::test_dsn .= \":\$::test_host\" if \$::test_host;\n" .
>> < "\$::test_dsn .= \":\$::test_port\" if \$::test_port;\n" .
>> ---
>>> "\$::test_dsn = \"DBI:mysql:\$::test_db\" if \$::test_db;\n" .
>>> "\$::test_dsn .= \":\$::test_host\" if \$::test_host &&
>>> \$::test_db;\n" .
>>> "\$::test_dsn .= \":\$::test_port\" if \$::test_port &&
>>> \$::test_db;\n" .
>>
>
> Looks good, I'll apply this.
>
>> With these two patches, you can use environment variables DBI_USER, DBI_PASS,
>> and
>> DBI_DSN to pass the test username, test password, and test hostname needed
>> during
>> "make test". Without these changes, the "t/mysql.mtest" that is created
>> overwrites the
>> values obtained from the environment variables. If the default values (null
>> user, null
>> password, and localhost) are not correct, this forces the installer to
>> specify these values
>> on the "perl Makefile" command line. The values are then written to
>> "t/mysql.mtest".
>> The test hostname does not worry me, but I do not like to leave the test
>> username and
>> test password lying around in a file. This seems like a security problem
>> waiting to happen.
>
> I can see your point; however, I don't think that a test account that only
> needs to be able to write to the test database would be too much of a concern
> esp. if the test scripts were run on a non-production system hitting a
> non-production database.
I disagree. At least the way it used to work, the test phase created a
dot-file in which to store the username and password. You wouldn't
necessarily even be aware that such a file was lying around on your system.
If, just to get things working, you happened to have given the root account
parameters for the purpose of connecting, you'd have a significant security
hole. But having any account name/password stored in a file of which you're
not aware is a problem.
>
> In any event, it is nice to be able to specify the connection params by
> envionment variables... And the next logical step is to get DBD::mysql to read
> my.conf for the information.
>
>
>
> Thank you,
>
> Rudy.
>
