如何让 rapache/brew 安全地连接到 MySQL 数据库?
我正在使用 rapache 和brew 开发一个Web 应用程序。在 R 代码中,我想使用 RMySQL 包来查询 MySQL 数据库,但我质疑从 R 脚本中访问数据库登录详细信息的最佳方法。
根据针对 PHP 的类似问题的一些建议,一种想法是在交互式会话中执行以下操作,将连接详细信息保存到 /var/www 之外的文件中:
con <- dbConnect(MySQL(), dbname = "mydb", user = "myuser", pass = "mypass")
save(con, file = "/home/myuser/sqlconnect.rda")
然后在 rapache/brew 运行的脚本中,加载 . rda 文件:
<%
load("/home/myuser/sqlconnect.rda")
query <- "MY QUERY"
result <- dbGetQuery(con, query)
%>
我没有尝试过这种方法。我什至不确定我的 sqlconnect.rda 文件是否包含连接所需的所有信息。
是否有更安全的方法来设置 dbConnect() 语句?
更新
将 dbConnect() 输出保存到文件不起作用,因为连接已超时。但是,从我的用户目录中 source 获取 .R 文件
library(RMySQL)
con <- dbConnect(MySQL(), dbname = "mydb", user = "myuser", pass = "mypass")
确实有效。
但是,我不知道这种方法的安全性如何。
I'm developing a web application using rapache and brew. Within the R code, I want to use the RMySQL package to query a MySQL database, but I am questioning the best way to access the login details for the database from within the R script.
Following some suggestions for a similar problem with PHP, one thought was to do the following in an interactive session to save the connection details to a file outside of /var/www:
con <- dbConnect(MySQL(), dbname = "mydb", user = "myuser", pass = "mypass")
save(con, file = "/home/myuser/sqlconnect.rda")
And then in the script run by rapache/brew, load the .rda file:
<%
load("/home/myuser/sqlconnect.rda")
query <- "MY QUERY"
result <- dbGetQuery(con, query)
%>
I haven't tried this approach yet. I'm not even sure that my sqlconnect.rda file will contain all of the information that it needs to connect.
Is there a more secure way to set up the dbConnect() statement?
Update
Saving the dbConnect() output to a file does not work, because the connection has timed out. However, sourceing a .R file from my user directory containing
library(RMySQL)
con <- dbConnect(MySQL(), dbname = "mydb", user = "myuser", pass = "mypass")
does work.
However, I don't know how secure this approach is.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
虽然我不明白为什么与在 R 脚本文件中包含用户名/密码相比,您的建议会提高安全性,但您可以存储 dbConnect 函数的参数。示例:
并在您的brew文件中使用这些参数:
当您使用rApache时,在每次运行时加载
con.details没有任何意义,我宁愿将该行放在REvalOnStartup<中/code>,这也可以为您节省这个save/load问题:)所以我建议添加
library(RMySQL); con.details <- list("MySQL", dbname = "mydb", user = "myuser", pass = "mypass")到 rApache 启动并在brew 脚本中使用该参数列表。Although I just do not see why would your suggestion boost security compared to having username/password in the R script file, you could store the parameters of your
dbConnectfunction. Example:And using those parameters in your brew files:
As you are using rApache, loading
con.detailson every run just does not make any sense, I would rather put that line inREvalOnStartup, which could also save you thissave/loadissue :)So I suggest to add
library(RMySQL); con.details <- list("MySQL", dbname = "mydb", user = "myuser", pass = "mypass")to rApache startup and use that parameter list in the brew scripts.