Closed by SteveViss 7 years ago
Hi Steve,
Thanks for the comments and suggestions, and it's always great to hear that people are finding the package helpful. Scott Chamberlain of the R Open Science group is currently developing an API (https://github.com/ropensci/bienapi) for BIEN, so we hope to address the issues you raise soon.
Thanks again for your comment, Brian
You're welcome, and I'm happy to see Scott helping you work on this. I didn't know he has Ruby skills too ;)
Hi @bmaitner,
Nice job on the package. It's helpful for many people. I was looking at the code and I noticed that the host/user/password were stored in it. You should avoid this because it's a breach on your server. For instance, I was able to connect to other dbs (with psql client). You can fix it by playing with the pg_hba.conf. I know that user roles are well set (allowing read only on tables) but you might encounter SQL injection attacks, etc.
A safer solution requires a web service: you should have a look at https://github.com/begriffs/postgrest, which allows you to easily deploy a REST API on top of your db. Then your RBIEN package will send requests to the REST API (with the httr R package) and not address the requests directly to the db (with the RPostgreSQL package). Let me know if you need advice on this.
Cheers,
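
The pg_hba.conf fix suggested in the comment above can be checked mechanically: a role whose password ships in client code should match only rules that name its one database. This is an added example, not code from the package or from either participant; the role `pkg_reader`, the database `pkg_data` and both sample configurations are constructed, and each rule is judged on its own without modelling PostgreSQL's first-match ordering.

```python
# Added example: flag pg_hba.conf rules that let a publicly known role
# connect remotely to any database other than the one it needs.
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def parse_hba(text):
    """Yield (lineno, type, databases, users, address, method) per rule.
    Simplification: quoted names containing '#' or spaces are not handled."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local" and len(f) >= 4:
            yield lineno, f[0], f[1].split(","), f[2].split(","), None, f[3]
        elif f[0] in HOST_TYPES and len(f) >= 5:
            # Address is CIDR/hostname (one field) or IPv4 + netmask (two).
            two = "/" not in f[3] and len(f) >= 6 and f[4].count(".") == 3
            addr = f"{f[3]} {f[4]}" if two else f[3]
            yield (lineno, f[0], f[1].split(","), f[2].split(","),
                   addr, f[5] if two else f[4])

def overbroad_rules(text, public_role, allowed_db):
    """Return line numbers of remote, non-reject rules that admit
    public_role to something other than allowed_db. Keywords such as
    'all' or 'sameuser' are flagged too, so a human reviews them."""
    hits = []
    for lineno, typ, dbs, users, _addr, method in parse_hba(text):
        if typ == "local" or method == "reject":
            continue
        role_matches = "all" in users or public_role in users
        if role_matches and any(d != allowed_db for d in dbs):
            hits.append(lineno)
    return hits

# Constructed sample: any role may reach any database from anywhere.
WEAK = """\
# TYPE  DATABASE  USER      ADDRESS     METHOD
local   all       postgres              peer
host    all       all       0.0.0.0/0   md5
"""

# Constructed sample: the public role is pinned to one database.
HARDENED = """\
local   all       postgres                peer
host    pkg_data  pkg_reader  0.0.0.0/0   md5
host    all       pkg_reader  0.0.0.0/0   reject
"""

if __name__ == "__main__":
    print("weak:", overbroad_rules(WEAK, "pkg_reader", "pkg_data"))
    print("hardened:", overbroad_rules(HARDENED, "pkg_reader", "pkg_data"))
```

Pinning the role to one database narrows what leaked credentials can reach; it does not remove the exposure of the database port itself, which is what the REST API suggestion addresses.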