On Thu, 27 Nov 2008 13:51:45 +0900, Hassan Schroeder <[EMAIL PROTECTED]> wrote:
>> I don't like either way and I was just hoping that somebody had >> already ran into this and had a better solution. > > The only way around it is to have someone enter the password into > the system at startup, which means no automatic restart. If you've got > 24x7 admin support, that may be acceptable. But even that's not a > perfect solution if your system's been compromised. > > Better to keep the bad guys out of your system in the first place, I'd > think :-) > also, don't run with the root account. Set up a special user for the rails app to use, and set permission appropriately. That way, if someone manages to get onto your server and get the db password, they only have access to a smaller part of the db. Simon --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
