List:MySQL++« Previous MessageNext Message »
From:Jean-Sebastien Stoezel Date:September 5 2008 6:59pm
Subject:Re: How to protect database information in open source projects
View as plain text  
Hello Warren,

Thank you for your quick and detailed answer.

While I will be distributing the source code - which as you underline
it - can be reviewed and modified by any user, the database this code
is supposed to access will be shared by all the users. This is not a
database that will run locally on the users' machine. This will be a
remote common place to gather information about the users.

As such I am not sure if I can provide enough protection to my
database, using the solution you proposed, since the database will be
accessed remotely...
Unless the C++ code accesses the database with a MySQL user that can
only read the database, not modify it... What's your opinion on this?

Thanks,
Jean



On Fri, Sep 5, 2008 at 12:35 PM, Warren Young <mysqlpp@stripped> wrote:
> Jean-Sebastien Stoezel wrote:
>>
>> I would like to use mysql++ in an open source project, however I am
>> not to sure how to protect the database from the users.
>
> I may be misreading this, but it sounds like you have an adversarial
> relationship with your users.  Open source doesn't work in that context.
>
> One distributes open source so that "the users" can build the program and
> run it on their machines.  Since they own the machines, they have the
> ability to do anything they like.  It doesn't matter where the password is,
> it's their machine, they have the ability to read or change anything on it.
>
> Perhaps you are conflating multiple classes of users into a single
> undifferentiated entity?  If you have administrative users who can start
> your program and other users who can just use it, you can just create a
> password file readable only by the administrator.  When the administrator
> starts the program, it reads its password from the protected password file,
> logs into the DB, and allows the end users to use it.  This way, it doesn't
> matter if the non-admin users can read the program binary or the source
> code.
>
> You don't have to reinvent this wheel.  MySQL already supports such a thing:
>
>        http://dev.mysql.com/doc/refman/5.0/en/option-files.html
>
> If you want to put it somewhere other than one of the default locations, or
> name it something else, you can pass a ReadDefaultFileOption option object
> to Connection::set_option().
>
> --
> MySQL++ Mailing List
> For list archives: http://lists.mysql.com/plusplus
> To unsubscribe:
>  http://lists.mysql.com/plusplus?unsub=1
>
>
Thread
How to protect database information in open source projectsJean-Sebastien Stoezel5 Sep
  • Re: How to protect database information in open source projectsWarren Young5 Sep
    • Re: How to protect database information in open source projectsJean-Sebastien Stoezel5 Sep
      • Re: How to protect database information in open source projectsWarren Young5 Sep