Jean-Sebastien Stoezel wrote:
> I would like to use mysql++ in an open source project, however I am
> not to sure how to protect the database from the users.
I may be misreading this, but it sounds like you have an adversarial
relationship with your users. Open source doesn't work in that context.
One distributes open source so that "the users" can build the program
and run it on their machines. Since they own the machines, they have
the ability to do anything they like. It doesn't matter where the
password is, it's their machine, they have the ability to read or change
anything on it.
Perhaps you are conflating multiple classes of users into a single
undifferentiated entity? If you have administrative users who can start
your program and other users who can just use it, you can just create a
password file readable only by the administrator. When the
administrator starts the program, it reads its password from the
protected password file, logs into the DB, and allows the end users to
use it. This way, it doesn't matter if the non-admin users can read the
program binary or the source code.
You don't have to reinvent this wheel. MySQL already supports such a thing:
If you want to put it somewhere other than one of the default locations,
or name it something else, you can pass a ReadDefaultFileOption option
object to Connection::set_option().