mirror of https://we.phorge.it/source/phorge.git synced 2024-11-14 02:42:40 +01:00

Support PhabricatorOpaqueEnvelope for managing database passwords

Summary: Currently, MySQL/MySQLi connections store passwords in plain text on the object. Allow them to be stored in PhutilOpaqueEnvelopes instead. See D3053.

Test Plan: Loaded site.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D3054
epriestley 2012-07-24 11:13:53 -07:00
parent 5d4a6bcf95
commit 27f6cc3b27
4 changed files with 18 additions and 4 deletions


@ -38,7 +38,6 @@ $args->parseStandardArguments();
$conf = PhabricatorEnv::newObjectFromConfig('mysql.configuration-provider'); $conf = PhabricatorEnv::newObjectFromConfig('mysql.configuration-provider');
$default_user = $conf->getUser(); $default_user = $conf->getUser();
$default_password = $conf->getPassword();
$default_host = $conf->getHost(); $default_host = $conf->getHost();
$default_namespace = PhabricatorLiskDAO::getDefaultStorageNamespace(); $default_namespace = PhabricatorLiskDAO::getDefaultStorageNamespace();
@ -62,7 +61,6 @@ try {
'name' => 'password', 'name' => 'password',
'short' => 'p', 'short' => 'p',
'param' => 'password', 'param' => 'password',
'default' => $default_password,
'help' => 'Use __password__ instead of the configured default.', 'help' => 'Use __password__ instead of the configured default.',
), ),
array( array(
@ -85,10 +83,18 @@ try {
exit(77); exit(77);
} }
if ($args->getArg('password') === null) {
// This is already a PhutilOpaqueEnvelope.
$password = $conf->getPassword();
} else {
// Put this in a PhutilOpaqueEnvelope.
$password = new PhutilOpaqueEnvelope($args->getArg('password'));
}
$api = new PhabricatorStorageManagementAPI(); $api = new PhabricatorStorageManagementAPI();
$api->setUser($args->getArg('user')); $api->setUser($args->getArg('user'));
$api->setHost($default_host); $api->setHost($default_host);
$api->setPassword($args->getArg('password')); $api->setPassword($password);
$api->setNamespace($args->getArg('namespace')); $api->setNamespace($args->getArg('namespace'));
try { try {
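Review bot: The comment `// This is already a PhutilOpaqueEnvelope.` in the `getArg('password') === null` branch is only true for providers that have been updated to return an envelope. The provider is created by `PhabricatorEnv::newObjectFromConfig('mysql.configuration-provider')`, so a site-supplied provider may still return a plain string, which would then reach `$api->setPassword()` unwrapped. Normalising after the branch keeps the secret enveloped either way: `if (!($password instanceof PhutilOpaqueEnvelope)) { $password = new PhutilOpaqueEnvelope($password); }`. Whether `PhabricatorStorageManagementAPI` tolerates a raw string is not visible here, and the script continues outside the hunk.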


@ -38,7 +38,7 @@ final class DefaultDatabaseConfigurationProvider
} }
public function getPassword() { public function getPassword() {
return PhabricatorEnv::getEnvConfig('mysql.pass'); return new PhutilOpaqueEnvelope(PhabricatorEnv::getEnvConfig('mysql.pass'));
} }
public function getHost() { public function getHost() {
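Review bot: `getPassword()` now returns an object where it used to return the configured string, and nothing on the method records that. A docblock such as `@return PhutilOpaqueEnvelope Database password; call openEnvelope() only at the point of use.` would make the new contract visible to other provider implementations and to callers. Because an envelope object is always truthy, any caller that tested the old return value against null or an empty string to detect "no password configured" would now take the other branch. No such caller is visible from this hunk, so that is something to search for rather than a confirmed defect. The class body continues outside the hunk.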


@ -52,7 +52,11 @@ final class AphrontMySQLDatabaseConnection
$user = $this->getConfiguration('user'); $user = $this->getConfiguration('user');
$host = $this->getConfiguration('host'); $host = $this->getConfiguration('host');
$database = $this->getConfiguration('database'); $database = $this->getConfiguration('database');
$pass = $this->getConfiguration('pass'); $pass = $this->getConfiguration('pass');
if ($pass instanceof PhutilOpaqueEnvelope) {
$pass = $pass->openEnvelope();
}
$conn = @mysql_connect( $conn = @mysql_connect(
$host, $host,
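Review bot: The `instanceof PhutilOpaqueEnvelope` check still silently accepts a plain string, so a caller that has not been migrated keeps the password in readable form in the connection's configuration, which is the exposure the commit summary sets out to remove. If that path is kept for compatibility, say so above the check, e.g. `// Plain strings are still accepted for unmigrated callers; pass a PhutilOpaqueEnvelope so the secret is not held in readable form on the object.` The same applies to the identical check in the AphrontMySQLiDatabaseConnection hunk. The enclosing method starts and ends outside the hunk, so how long the opened value stays in `$pass` after the connect call cannot be judged from here.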


@ -50,7 +50,11 @@ final class AphrontMySQLiDatabaseConnection
$user = $this->getConfiguration('user'); $user = $this->getConfiguration('user');
$host = $this->getConfiguration('host'); $host = $this->getConfiguration('host');
$database = $this->getConfiguration('database'); $database = $this->getConfiguration('database');
$pass = $this->getConfiguration('pass'); $pass = $this->getConfiguration('pass');
if ($pass instanceof PhutilOpaqueEnvelope) {
$pass = $pass->openEnvelope();
}
$conn = @new mysqli( $conn = @new mysqli(
$host, $host,