From: Mark W. <ma...@rw...> - 2011-02-15 17:53:28
Hi Scott,

I think there is a potential security issue placing db credentials in an ini file. The htaccess file has to be set to ensure that the ini file cannot be seen from the outside, whereas if the credentials are in a php file then this isn't a possibility. Where is the added value of moving the relativeRoot and absoluteRoot into an array called self::$roots? The relativeRoot and documentRoot are pretty integral to how the paths throughout this version of tsng operate. By merging them into an array, it starts to disguise exactly what they do. At least with individual variables you get the javadoc style comments that add understanding to the code. Also if everything is properly commented in this fashion:

    /**
     * the document root is the filesystem path to the website directory
     * i.e. /home/mark4703/public_html/minisite
     */
    protected static $documentRoot;

then the site codebase can be run through an app such as phpdoc to generate a full set of API webpages. I assume you use eclipse so get all the code auto completion features?

I guess the config stuff could be reduced to less files. i.e. config.class and config.factory.class could be merged into config.class.php.
We still need defaults for everything though and I think it would be better to set them in config.factory.class rather than store them in an ini. If all the defaults are present and then the config variables are loaded on top, there is no chance of missing parameters.

Do you not like the object orientated alternative to an ini?:

    parent::$dbServer = 'localhost';

This is quite similar to how the db credentials are currently saved and is similar to how all the major php apps that I know of save their configuration data, i.e. wordpress, mantis, xoops, drupal.

Regards
Mark Wrightson
_____________________________________________
Mob: 07725 695178
Email: ma...@rw...

On 15/02/2011 17:28, Scott Miller wrote:
> Oh, I'm also thinking we should attempt to put as much config stuff into associative arrays as we can, so, I was starting to look at moving the DB credentials into a $self->DB['user'] $self->DB['passwd'] etc type structure, and the relativeRoot, absoluteRoot stuff into $self->Roots['relative'] structure...
>
> -Scott
>
> On Tue, Feb 15, 2011 at 5:22 PM, Scott Miller <sco...@gm...> wrote:
> > Hey Mark,
> >
> > I'm in Omaha, NE, in the heart of the US
> >
> > I've been wrestling with understanding enough of the 2.0 stuff to be able to put the "new" db config code into it so I could check it in, but the heart of what I've done was in the email. The rest was just using the public variables, which we don't want to do that way.
> > My vision would be to load the DB config from an INI file using parse_ini_file, then init the DB with that info, then load the config from the DB similar to what I'd already done, then create get functions for the various config items.
> > I'm currently thinking all that config loading stuff may as well be in a single config class...
> >
> > -Scott
> >
> > On Tue, Feb 15, 2011 at 5:16 PM, Mark Wrightson <ma...@rw...> wrote:
> > > Hi Scott,
> > >
> > > I thought I would drop you an email to ask what position you were in regards to updating the config database table?
> > > Last night in my work to update the installer I had to write a small amount of code along the lines of what you are working on.
> > >
> > > I made the following additions to config.class.php
> > >
> > > One new function:
> > >
> > >     public static function getDbConfig(){
> > >
> > >         $q = "SELECT * FROM ".tbl::getNewConfigTable();
> > >
> > >         $data = Site::getDatabase()->sql($q,true, MySQLDB::TYPE_OBJECT);
> > >         if($data == MySQLDB::SQL_EMPTY || $data == MySQLDB::SQL_ERROR)return;
> > >
> > >         foreach($data as $obj){
> > >
> > >             if($obj->name == 'version'){
> > >                 parent::$databaseVersion = $obj->value;
> > >                 self::runVersionCheck();
> > >             }
> > >
> > >             //more config variables to be stored into the
> > >             //config class or config.factory.class
> > >
> > >         }
> > >
> > >     }
> > >
> > > and in /index.php
> > >
> > > Config::getDbConfig(); on the line after the database has been instantiated. (self::$database = new MySQLDB();)
> > >
> > > so:
> > >
> > >     self::$database = new MySQLDB();
> > >     Config::getDbConfig();
> > >
> > > I realised that the database stored can't be done when config is initialised as the database hasn't been connected at this point.
> > > There is then a reverse dependency that prevents the database from connecting until config has been initialised.
> > >
> > > Therefore the program flow had to be:
> > > 1. init Config
> > > 2. init Database
> > > 3. get database stored config
> > >
> > > What I would like to do is align this with the updates you are working on. I have populated my new temporary config table with just ('version','1.5.3')
> > >
> > > Finally, what country are you based in Scott? I'm in the UK.
> > >
> > > Cheers
> > > Mark
> > >
> > > --
> > > _____________________________________________
> > >
> > > Mob: 07725 695178
> > > Email: ma...@rw...
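
Added example (not part of the thread and not tsng code): one way to keep the parse_ini_file approach Scott describes while addressing the exposure concern Mark raises at the top of this message, by refusing an ini file that sits under the document root and overlaying its values on a full set of defaults. The function name loadDbConfig, the [database] section, the key names and the demo paths are assumptions.

```php
<?php
// Added example, not tsng code: loadDbConfig(), the [database] section and all paths are hypothetical.
function loadDbConfig(string $iniPath, string $documentRoot): array
{
    // Defaults first, so a key missing from the ini can never leave a setting undefined.
    $defaults = ['server' => 'localhost', 'user' => '', 'passwd' => '', 'name' => ''];

    $ini  = realpath($iniPath);
    $root = realpath($documentRoot);
    if ($ini === false || $root === false) {
        throw new RuntimeException('config file or document root not found');
    }

    // An ini under the document root is served as plain text unless .htaccess
    // denies it; refuse it rather than depend on that rule being in place.
    $rootPrefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($ini, $rootPrefix, strlen($rootPrefix)) === 0) {
        throw new RuntimeException('refusing credentials file inside the document root');
    }

    // POSIX only: the file must not be accessible to "other" local accounts.
    if ((fileperms($ini) & 0007) !== 0) {
        throw new RuntimeException('config file is accessible to other users');
    }

    // RAW mode leaves option values unparsed, so a password is taken as written.
    $parsed = parse_ini_file($ini, true, INI_SCANNER_RAW);
    if ($parsed === false || !is_array($parsed['database'] ?? null)) {
        throw new RuntimeException('missing or unparsable [database] section');
    }

    // Overlay only the known keys on top of the defaults.
    return array_merge($defaults, array_intersect_key($parsed['database'], $defaults));
}

// Constructed demo: one ini outside a temporary document root, one inside it.
$base = sys_get_temp_dir() . '/tsng_demo_' . getmypid();
mkdir("$base/public_html", 0700, true);
foreach (["$base/db.ini", "$base/public_html/db.ini"] as $file) {
    file_put_contents($file, "[database]\nuser = demo_user\npasswd = demo_pass\n");
    chmod($file, 0600);
}
print_r(loadDbConfig("$base/db.ini", "$base/public_html"));
try {
    loadDbConfig("$base/public_html/db.ini", "$base/public_html");
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```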