在Rails应用程序中安全地提供数据库密码 [英] Securely providing the database password in a Rails app
问题描述
如你所知,你必须在config / database.yml文件中为数据库提供正确的数据库名称,用户名和密码,否则你的Rails应用程序将拒绝工作。
在默认设置中,您的密码是在config / database.yml文件中的纯文本。如果你的应用程序在一个免费的GitHub存储库,那么你的密码是公共信息。这不是一个严重的应用程序的可行选择。 (对于教程练习,这是没有问题的,前提是你不使用此密码为其他任何东西。)
我有一个解决方案,迄今为止已经为我工作,但我想知道是否有更好的东西。您可以在 https://github.com/jhsu802701/bsf 查看我已部署的示例。
我所做的是设置config / database.yml文件,为程序开发环境提供用户名和密码。对于开发环境,我向config / database.yml脚本添加命令以获取开发环境用户名(这是我使用的Debian Linux设置的常规用户名)和空白密码。 (我给我的用户名Postgres超级用户权限。)对于生产环境,我在部署脚本中添加一个命令,从我的帐户的其他地方的文件获取用户名和密码,并将此信息写入config / database.yml文件。 p>
有更好的解决方案吗?
如果没有,我想创建一个。
heroku的方式,商店有ENV变量
将两个变量导出到您的环境中,
export POSTGRES_USERNAME ='username'
export POSTGRES_PASSWORD ='password'
.yml文件你可以做
用户名:<%= ENV ['POSTGRES_USERNAME']%>
密码:<%= ENV ['POSTGRES_PASSWORD']%>
As you know, you MUST provide the correct database name, username, and password for the database in the config/database.yml file, or your Rails app will refuse to work.
In the default setup, your password is in plain text in the config/database.yml file. If your app is on a free GitHub repository, then your password is public information. This is not a viable option for a serious app. (It's OK for a tutorial exercise, provided that you don't use this password for anything else.)
I have a solution that has worked for me so far, but I'm wondering if there is something better. You can see my deployed example at https://github.com/jhsu802701/bsf .
What I do is set up the config/database.yml file to provide the username and password for the development environment programatically. For the development environment, I add commands to the config/database.yml script to acquire the development environment username (which is my regular username for the Debian Linux setup I use) and a blank password. (I give my username Postgres superuser privileges.) For the production environment, I add a command in the deployment script that acquires the username and password from files elsewhere on my account and writes this information to the config/database.yml file.
Is there a better solution?
Is there a Ruby gem that covers this? If not, I'm thinking of creating one.
The way that heroku does it, and a vast majority of other rails shops are with ENV variables
Export two variables to your environment,
export POSTGRES_USERNAME='username'
export POSTGRES_PASSWORD='password'
then in your database.yml file you can do
username: <%= ENV['POSTGRES_USERNAME'] %>
password: <%= ENV['POSTGRES_PASSWORD'] %>
这篇关于在Rails应用程序中安全地提供数据库密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!