<div class="gmail_quote">On Wed, Apr 13, 2011 at 2:55 PM, Bogdan-Andrei Iancu <span dir="ltr"><<a href="mailto:bogdan@opensips.org">bogdan@opensips.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div bgcolor="#ffffff" text="#000000">
Hi Brett, <br>
<br>
Believe it or not, but this happened to my too, several times.<br>
<br>
IMHO, the proper approach will be have an empty db_url for the
modules, so that you may get a warning or so when trying to use a
module without explicitly setting the db_url.....<br>
<br>
Default, hidden params may be dangerous here....<br><br></div></blockquote><div><br></div><div>Heh, I'm glad to hear that actually. I felt pretty crazy for about 10 minutes trying to figure out what what going on. :) </div>
<div><br></div><div>I agree with you. I think default db_urls are asking for trouble:</div><div>1. If it does work, you by design have a security flaw (everyone knows your DB credentials)</div><div>2. If it doesn't work, there's no way of telling what exactly it's doing (where did the params come from)</div>
<div><br></div><div>I think I understand the reasoning behind the default db_urls as it pertains the to auto installation of the database. But perhaps those processes should be better linked. Like default db_url can be imported from opensipsctlrc :D That's probably out of the 1.X realm eh? </div>
<div><br></div><div>In my personal opinion, default db_urls allow for sloppy coding that probably helps new users get started quicker. But probably also will lead them down the path of not setting up the connections properly (securely).</div>
<div><br></div><div>That's my $0.02</div><div>-Brett</div><div><br></div><div> </div></div>