From kde-core-devel Mon May 03 14:10:49 2010
From: Lynn Hazan
Date: Mon, 03 May 2010 14:10:49 +0000
To: kde-core-devel
Subject: Re: Configuration of database connection information
Message-Id: <201005031610.49598.lynn.hazan () lsce ! ipsl ! fr>
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=127289579917586

On Monday 03 May 2010 13:03:07 Will Stephenson, you wrote:
> On Friday 30 April 2010 15:24:39 Lynn Hazan wrote:
> > I am currently developing an application which is displaying data
> > retrieved from a database. For that purpose I am using a dedicated unique
> > database user account.
> > I would like to store the database connection information (host, database
> > name, user name, password) in an application configuration file which
> > should not be accessible to everybody. The idea is to have the
> > information outside the compiled code so it can be easily updated if
> > necessary, but protected.
> >
> > This configuration would be application internal (not accessible to the
> > end users like with KConfig).
> >
> > Does anyone know how to do this?
>
> I don't understand the problem clearly. The app, running as the user,
> needs to be able to access the configuration information, but the user
> himself should not be able to read it? To change it? Why not? Or should
> only other users on the system be unable to read/edit the database
> configuration?
>
> Also kde-devel is the list for application development.
>
> Will

I am sorry if I was not clear, I will try to clarify.

My application will have multiple users but internally the database will be accessed through a unique dedicated database account.

unix user1 -->
unix user2 --> application --- dedicated database user ---> database
unix user3 -->

This way, my application only needs to have the database connection information (user/password) of the dedicated database user. Plus, of course, the general database connection information (host, database name).

You see that the database connection information is not something to be modified by the end users, it is independent of the user connecting to the application.

Now I have two solutions:

1/ I hard code in the application the database connection information (host, database name, dedicated database user name, dedicated database user password).

2/ I externalize the database connection information in a configuration file which will be read by the application.

In case of a change in the database connection information (i.e. the IP of the server hosting the database changes), with the solution 1/, I have to recompile the application, with the solution 2/ I only have to update the configuration file.

Because I think that the solution 2/ is more flexible, I am trying to find a way to implement it in a secure way: it is an application development question (it is why I posted it on the kde-devel list).

If I bundle the configuration file with my application, but I do not encrypt it, anyone who unpacks the application tarball will be able to use the information to connect to the database and mess it up.

My question can maybe be redefined as: how can I read an encrypted configuration file in a standard way?

I hope this is clearer, and that you will be able to help me out ;o)

Lynn