> > > 2. The connection string (with passwords). Right now I have the site > admins hack in connection strings for external databases into settings.php > in the sites folder. That probably won't work for a true ad hoc reporting > solution, since we may want users to be able to connect to databases from > the UI? Is it untenable to store these using variable_set? Are there any > ideas for securing them inside the drupal DB? >
I can confirm that you can connect to dbs by dynamically adding connection strings stored in the DB to $GLOBAL['db_url'] at any time, which does save having people editing settings.php We do it to connect to other Drupal databases for queries. For external DBs might be interesting to see if you could use Data ( drupal.org/project/data) to integrate with Views and let users build the queries via the Views UI. Never tried dynamically doing that but I think it is worth considering. Best, Ronald --- http://www.istos.it
