[OpenSIPS-Users] db_url confusing issue

Brett Nemeroff brett at nemeroff.com
Wed Apr 13 22:12:36 CEST 2011


On Wed, Apr 13, 2011 at 2:55 PM, Bogdan-Andrei Iancu <bogdan at opensips.org>wrote:

>  Hi Brett,
>
> Believe it or not, but this happened to my too, several times.
>
> IMHO, the proper approach will be have an empty db_url for the modules, so
> that you may get a warning or so when trying to use a module without
> explicitly setting the db_url.....
>
> Default, hidden params may be dangerous here....
>
>
Heh, I'm glad to hear that actually. I felt pretty crazy for about 10
minutes trying to figure out what what going on. :)

I agree with you. I think default db_urls are asking for trouble:
1. If it does work, you by design have a security flaw (everyone knows your
DB credentials)
2. If it doesn't work, there's no way of telling what exactly it's doing
(where did the params come from)

I think I understand the reasoning behind the default db_urls as it pertains
the to auto installation of the database. But perhaps those processes should
be better linked. Like default db_url can be imported from opensipsctlrc :D
That's probably out of the 1.X realm eh?

In my personal opinion, default db_urls allow for sloppy coding that
probably helps new users get started quicker. But probably also will lead
them down the path of not setting up the connections properly (securely).

That's my $0.02
-Brett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20110413/96150b7a/attachment.htm>


More information about the Users mailing list