-1 If the database credentials reside in the ruby environment files then we would be committing our database passwords into the repository. Anyone with read access to the source code now has credentials to the db. I'm skeptical of overly paranoid security measures, but this to me this just seems blatantly a bad practice.
On Jun 12, 2008, at 4:03 PM, Jack Danger Canty wrote: > > I see significant downsides to the pure ruby config: > > It seems there are a lot of deployment-time concerns here. Would it > help if there was a Rake task to dump database.yml for a given > environment? > > The assumption here is that all servers in a given environment are > configured with the same db credentials. That's usually but not > always true. > > The database.yml file is a pure configuration file and it covers a > very specific domain. It doesn't make sense to me that it would be > rubified just to be consistent with the rest of the initialization > process. > > Has anyone actually needed this ruby database configuration > functionality? > > -1 > > ::Jack Danger > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
