Configuration of database connection information

Mon May 3 15:10:49 BST 2010

Le Monday 03 May 2010 13:03:07 Will Stephenson, vous avez écrit :
> On Friday 30 April 2010 15:24:39 Lynn Hazan wrote:
> > I am currently developing an application which is displaying data
> > retrieved from a database. For that purpose I am using a dedicated unique
> > database user account .
> > I would like to store the database connection information (host, database
> > name, user name, password) in an application configuration file which
> > should not be accessible to everybody. The idea is to have the
> > information outside the compiled code so it can be easily updated it if
> > necessary, but protected.
> >
> > This configuration would be application internal (not accessible to the
> > end users like with KConfig).
> >
> > Does anyone know how to do this?
>
> I don't understand the problem clearly.  The app, running as the user,
> needs to be able to access the configuration information, but the user
> himself should not be able to read it? To change it?  Why not?  Or should
> only other users on the system be unable to read/edit the database
> configuration?
>
> Also kde-devel is the list for application developement.
>
> Will

I am sorry if I was not clear, I will try to clarify.

My application will have multiple users but internally the database will be 
accessed through a unique dedicated database account.

unix user1	-->
unix user2	-->	application --- dedicated database user ---> database
unix user3	-->

This way, my application only needs to have the database connection 
information (user/password) of the dedicated database user. Plus, of course, 
the general database connection information (host, database name).

You see that the database connection information is not something to be 
modified by the end users, it is independent of the user connecting to the 
application.

Now I have to solutions:

1/ I hard code in the application the database connection information (host, 
database name, dedicated database user name,dedicated database user 
password).
2/ I externalize the database connection information in a configuration file 
which will be read by the application.

In case of a change in the database connection information (ie: the IP of the 
server hosting the database change), with the solution 1/, I have to 
recompile the application, with the solution 2/ I only have to update the 
configuration file.

Because I think that the solution 2/ is more flexible, I am trying to find a 
way to implement it in a secure way: it is an application development 
question (it is why I posted it on the kde-devel list). 

If I bundle the configuration file with my application, but I do not encrypt 
it, anyone who unpack the application tar ball will be able to use the 
information to connect to the database and mess it up.
My question can may be redefine as:

how can I read an encrypt configuration file in a standard way.

I hope this is clearer, and that you will be able to help me out ;o)

Lynn