On Sun, Mar 10, 2002 at 06:12:58AM +0100, Welcor wrote:
>From: "Artovil" <artovil@ARCANEREALMS.ORG>
>Well, I'm neither Peter, George nor Daniel, but I checked out the link
>and I noticed this in the my_sql section:
>
>/* snip */
>/* MySQL database settings */
>#define MYSQL_HOST "localhost" // database server name
>#define MYSQL_DB "YOUR_DATABASE" // database name
>#define MYSQL_USERID "YOUR_USERNAME" // database user id
>#define MYSQL_PASSWD "YOUR_PASSWORD" // userid password
>/* snip */
>
>Is it just me being paranoid, or is this a bit unsafe ?
Hideously unsafe, actually.
Why not just do something simple like this?
lib/etc/sql_cnf:
db:mud
user:mudadmin
passwd:easy2hack
host:localhost
then something like:
--- mailer code ---
void load_sql(void) {
FILE *fp; char *tag, *value, line[20];
if(!fp=fopen(LIB_ETC"sql.cnf")) {log("no sql config file"); exit(1); }
while(fgets(line, 20, fp)) {
line[strlen(line)-1] = '\0';
tag=strtok(line,":"); value=strtok(NULL, "\0");
if(!strcmp(tag, "db")) sql_db = strdup(value);
elseif(!strcmp(tag, "user")) sql_user=strdup(value);
else if (repeat for any other values)
else log("What the hell is '%s' doing in here?", tag);
}
fclose(fp);
}
--
+---------------------------------------------------------------+
| FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
| Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
| Newbie List: http://groups.yahoo.com/group/circle-newbies/ |
+---------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 06/25/03 PDT