Support PhabricatorOpaqueEnvelope for managing database passwords

Summary: Currently, MySQL/MySQLi connections store passwords in plain text on the object. Allow them to be stored in PhutilOpaqueEnvelopes instead. See D3053. Test Plan: Loaded site. Reviewers: vrana, btrahan Reviewed By: vrana CC: aran Differential Revision: https://secure.phabricator.com/D3054
2012-07-24 11:13:53 -07:00
parent 5d4a6bcf95
commit 27f6cc3b27
4 changed files with 18 additions and 4 deletions
--- a/scripts/sql/manage_storage.php
+++ b/scripts/sql/manage_storage.php
@@ -38,7 +38,6 @@ $args->parseStandardArguments();
 $conf = PhabricatorEnv::newObjectFromConfig('mysql.configuration-provider');

 $default_user       = $conf->getUser();
-$default_password   = $conf->getPassword();
 $default_host       = $conf->getHost();
 $default_namespace  = PhabricatorLiskDAO::getDefaultStorageNamespace();

@@ -62,7 +61,6 @@ try {
        'name'    => 'password',
        'short'   => 'p',
        'param'   => 'password',
-        'default' => $default_password,
        'help'    => 'Use __password__ instead of the configured default.',
      ),
      array(
@@ -85,10 +83,18 @@ try {
  exit(77);
 }

+if ($args->getArg('password') === null) {
+  // This is already a PhutilOpaqueEnvelope.
+  $password = $conf->getPassword();
+} else {
+  // Put this in a PhutilOpaqueEnvelope.
+  $password = new PhutilOpaqueEnvelope($args->getArg('password'));
+}
+
 $api = new PhabricatorStorageManagementAPI();
 $api->setUser($args->getArg('user'));
 $api->setHost($default_host);
-$api->setPassword($args->getArg('password'));
+$api->setPassword($password);
 $api->setNamespace($args->getArg('namespace'));

 try {