From: Warren Young
Date: September 5 2008 5:35pm
Subject: Re: How to protect database information in open source projects
List-Archive: http://lists.mysql.com/plusplus/7930
Message-Id: <48C16DD8.1090105@etr-usa.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Jean-Sebastien Stoezel wrote:
>
> I would like to use mysql++ in an open source project, however I am
> not too sure how to protect the database from the users.

I may be misreading this, but it sounds like you have an adversarial relationship with your users. Open source doesn't work in that context.

One distributes open source so that "the users" can build the program and run it on their machines. Since they own the machines, they have the ability to do anything they like. It doesn't matter where the password is, it's their machine, they have the ability to read or change anything on it.

Perhaps you are conflating multiple classes of users into a single undifferentiated entity? If you have administrative users who can start your program and other users who can just use it, you can just create a password file readable only by the administrator. When the administrator starts the program, it reads its password from the protected password file, logs into the DB, and allows the end users to use it. This way, it doesn't matter if the non-admin users can read the program binary or the source code.

You don't have to reinvent this wheel. MySQL already supports such a thing:

http://dev.mysql.com/doc/refman/5.0/en/option-files.html

If you want to put it somewhere other than one of the default locations, or name it something else, you can pass a ReadDefaultFileOption option object to Connection::set_option().
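
As an added example (not part of the original message and not MySQL++ code): a POSIX check a program could run at startup to confirm the password file is readable only by the administrator before its path goes into a ReadDefaultFileOption. The file location, sample contents and function names are assumptions made for illustration.

```cpp
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <string>

enum class OptFileStatus { Ok, Missing, NotRegularFile, WrongOwner, TooPermissive };

// Accept only a regular file (symlinks are rejected) owned by the effective
// user, with no group/other permission bits set, e.g. mode 0600 or 0400.
OptFileStatus check_option_file(const std::string& path) {
    struct stat st;
    if (lstat(path.c_str(), &st) != 0) return OptFileStatus::Missing;
    if (!S_ISREG(st.st_mode)) return OptFileStatus::NotRegularFile;
    if (st.st_uid != geteuid()) return OptFileStatus::WrongOwner;
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return OptFileStatus::TooPermissive;
    return OptFileStatus::Ok;
}

// Writes a constructed sample option file (hypothetical contents) with the
// requested mode and returns its path, or "" on failure.
std::string make_sample_option_file(mode_t mode) {
    char tmpl[] = "/tmp/myapp-optXXXXXX";   // hypothetical location
    int fd = mkstemp(tmpl);                 // mkstemp creates the file 0600
    if (fd < 0) return "";
    const char body[] = "[client]\nuser=myapp\npassword=constructed-sample\n";
    bool ok = write(fd, body, sizeof body - 1) >= 0 && fchmod(fd, mode) == 0;
    close(fd);
    if (!ok) { unlink(tmpl); return ""; }
    return tmpl;
}

int main() {
    std::string path = make_sample_option_file(0600);
    if (path.empty() || check_option_file(path) != OptFileStatus::Ok) {
        std::fprintf(stderr, "refusing to use option file: not private\n");
        return EXIT_FAILURE;
    }
    // At this point the path is safe to hand to the MySQL client library,
    // for instance through the ReadDefaultFileOption object mentioned above.
    std::printf("option file %s is private to its owner\n", path.c_str());
    unlink(path.c_str());
    return EXIT_SUCCESS;
}
```

The check covers the file itself; the directories above it also need to be writable only by the administrator, or the file can be swapped out.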