* Corrected documentation regarding database. #534
Conversation
nolantellis
commented
Oct 28, 2020
nolantellis
commented
- Corrected code to include new liquibase user.
- corrected documentation
* Corrected code to include new liquibase user.
site.properties
Outdated
| #jdbc.driver = com.mysql.jdbc.Driver | ||
| #jdbc.url = jdbc:mysql://localhost:3306/apromore?createDatabaseIfNotExist=true&autoReconnect=true&allowMultiQueries=true&rewriteBatchedStatements=true&characterEncoding=utf-8 | ||
| #jdbc.username = root | ||
| #jdbc.password = MAcri | ||
| # | ||
| #jpa.database = MYSQL | ||
| #jpa.databasePlatform = org.eclipse.persistence.platform.database.MySQLPlatform | ||
| #jpa.showSql = false | ||
| #jpa.generateDDL = false |
There was a problem hiding this comment.
Why don't we use the same 'apromore' user like H2 instead of 'root'?
There was a problem hiding this comment.
Can it is named "liquibase_user" instead of "db_user" (it is full privileges)? The name will be shown in the database management tool for information as well.
There was a problem hiding this comment.
I am not sure how it became root. Changeing that back to apromore. It was a mistake.
db_user is just a name. And looking at the Docs of mysql about the privileges, All privileges is the right 1. (i.e ALL privileges does not include create user.)
There was a problem hiding this comment.
Corrected to liquibase_usr
site.properties
Outdated
| ## Liquibase User Mysql | ||
| #liquibase.jdbc.username = db_user | ||
| #liquibase.jdbc.password = 7fHJV41fpJ | ||
|
|
There was a problem hiding this comment.
'7fHJV41fpJ': is it an encrypted value of the password or is it the password? If it is the password, then it should be encrypted as it can be seen easily in this file (it is full privileges).
There was a problem hiding this comment.
Its just a random passowrd. encryption is a different logic which we can consider later. Its not in this scope
There was a problem hiding this comment.
Ok if it's a low security risk for showing password of an "All privileges" user in a text file. Any justification?
There was a problem hiding this comment.
The use is excactly the same as apromore user at this time.
All previleges is only for apromore db, and as per the mysql5.7 doc All privilege is DML and DDL and not USER management.
I Agree this is not the right way, but thats another scope to consider not only for liquibase but also for apromore user.
There was a problem hiding this comment.
https://dev.mysql.com/doc/refman/5.7/en/grant.html (Table 13.8, the "Level" information). There's a risk of losing data due to password is revealed in plain text file for 'apromore' and 'liquibase_user', at the same risk level for both users. This risk should be addressed in the future if possible.
Two elements with same @id ("dataSource") in the same XML file is confusing, so removed it from the embedded bean.
…4' into task/update-liquibase-doc/AP-2484
