mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-27 16:00:59 +01:00
Support PhabricatorOpaqueEnvelope for managing database passwords
Summary: Currently, MySQL/MySQLi connections store passwords in plain text on the object. Allow them to be stored in PhutilOpaqueEnvelopes instead. See D3053. Test Plan: Loaded site. Reviewers: vrana, btrahan Reviewed By: vrana CC: aran Differential Revision: https://secure.phabricator.com/D3054
This commit is contained in:
parent
5d4a6bcf95
commit
27f6cc3b27
4 changed files with 18 additions and 4 deletions
|
@ -38,7 +38,6 @@ $args->parseStandardArguments();
|
|||
$conf = PhabricatorEnv::newObjectFromConfig('mysql.configuration-provider');
|
||||
|
||||
$default_user = $conf->getUser();
|
||||
$default_password = $conf->getPassword();
|
||||
$default_host = $conf->getHost();
|
||||
$default_namespace = PhabricatorLiskDAO::getDefaultStorageNamespace();
|
||||
|
||||
|
@ -62,7 +61,6 @@ try {
|
|||
'name' => 'password',
|
||||
'short' => 'p',
|
||||
'param' => 'password',
|
||||
'default' => $default_password,
|
||||
'help' => 'Use __password__ instead of the configured default.',
|
||||
),
|
||||
array(
|
||||
|
@ -85,10 +83,18 @@ try {
|
|||
exit(77);
|
||||
}
|
||||
|
||||
if ($args->getArg('password') === null) {
|
||||
// This is already a PhutilOpaqueEnvelope.
|
||||
$password = $conf->getPassword();
|
||||
} else {
|
||||
// Put this in a PhutilOpaqueEnvelope.
|
||||
$password = new PhutilOpaqueEnvelope($args->getArg('password'));
|
||||
}
|
||||
|
||||
$api = new PhabricatorStorageManagementAPI();
|
||||
$api->setUser($args->getArg('user'));
|
||||
$api->setHost($default_host);
|
||||
$api->setPassword($args->getArg('password'));
|
||||
$api->setPassword($password);
|
||||
$api->setNamespace($args->getArg('namespace'));
|
||||
|
||||
try {
|
||||
|
|
|
@ -38,7 +38,7 @@ final class DefaultDatabaseConfigurationProvider
|
|||
}
|
||||
|
||||
public function getPassword() {
|
||||
return PhabricatorEnv::getEnvConfig('mysql.pass');
|
||||
return new PhutilOpaqueEnvelope(PhabricatorEnv::getEnvConfig('mysql.pass'));
|
||||
}
|
||||
|
||||
public function getHost() {
|
||||
|
|
|
@ -52,7 +52,11 @@ final class AphrontMySQLDatabaseConnection
|
|||
$user = $this->getConfiguration('user');
|
||||
$host = $this->getConfiguration('host');
|
||||
$database = $this->getConfiguration('database');
|
||||
|
||||
$pass = $this->getConfiguration('pass');
|
||||
if ($pass instanceof PhutilOpaqueEnvelope) {
|
||||
$pass = $pass->openEnvelope();
|
||||
}
|
||||
|
||||
$conn = @mysql_connect(
|
||||
$host,
|
||||
|
|
|
@ -50,7 +50,11 @@ final class AphrontMySQLiDatabaseConnection
|
|||
$user = $this->getConfiguration('user');
|
||||
$host = $this->getConfiguration('host');
|
||||
$database = $this->getConfiguration('database');
|
||||
|
||||
$pass = $this->getConfiguration('pass');
|
||||
if ($pass instanceof PhutilOpaqueEnvelope) {
|
||||
$pass = $pass->openEnvelope();
|
||||
}
|
||||
|
||||
$conn = @new mysqli(
|
||||
$host,
|
||||
|
|
Loading…
Reference in a new issue