[OpenSIPS-Users] db_url confusing issue

Bogdan-Andrei Iancu bogdan at opensips.org
Wed Apr 13 22:22:33 CEST 2011


On 04/13/2011 11:12 PM, Brett Nemeroff wrote:
> On Wed, Apr 13, 2011 at 2:55 PM, Bogdan-Andrei Iancu 
> <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>
>     Hi Brett,
>
>     Believe it or not, but this happened to my too, several times.
>
>     IMHO, the proper approach will be have an empty db_url for the
>     modules, so that you may get a warning or so when trying to use a
>     module without explicitly setting the db_url.....
>
>     Default, hidden params may be dangerous here....
>
>
> Heh, I'm glad to hear that actually. I felt pretty crazy for about 10 
> minutes trying to figure out what what going on. :)
>
> I agree with you. I think default db_urls are asking for trouble:
> 1. If it does work, you by design have a security flaw (everyone knows 
> your DB credentials)
> 2. If it doesn't work, there's no way of telling what exactly it's 
> doing (where did the params come from)
>
> I think I understand the reasoning behind the default db_urls as it 
> pertains the to auto installation of the database. But perhaps those 
> processes should be better linked. Like default db_url can be imported 
> from opensipsctlrc :D That's probably out of the 1.X realm eh?
>
> In my personal opinion, default db_urls allow for sloppy coding that 
> probably helps new users get started quicker. But probably also will 
> lead them down the path of not setting up the connections properly 
> (securely).
>
Or maybe, to make everyone happy, to have a global cfg parameter for 
defining a default db_url. This will be used to populate the db_urls 
from the module.

So, the default value will be explicitly set in the opensips cfg -> no 
way to miss it, also easy to roll out a simple default cfg.

Regards,
Bogdan


-- 
Bogdan-Andrei Iancu
OpenSIPS eBootcamp - 2nd of May 2011
OpenSIPS solutions and "know-how"

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20110413/8aff4a77/attachment.htm>


More information about the Users mailing list