popbr / data-integration

Apache License 2.0

Sharing login / password inadvertently #16

Closed aubertc closed 1 year ago

aubertc commented 1 year ago

Cf. https://github.com/popbr/data-integration/commit/749a3f0166792ef464694df4bd9248706f4c1367#r88647822

aubertc commented 1 year ago

Note that our GitHub action now uses the pair testuser / password, and does not read the login / password from the XML file.

MNSleeper commented 1 year ago

This would mean we don't need to include the LoginInfo.xml document? If not, I might suggest keeping it for users that, for some reason, want their own root to use. To remedy accidental password, include a !*/LoginInfo.xml set of lines in the gitignore. Thoughts?

MNSleeper commented 1 year ago

I suppose I should ask if the GitHub action affects what users have to do/require any additional coding on my part. I'm not familiar with what a GitHub action does, but it reads like it's only what GitHub does to run and compile a program.

aubertc commented 1 year ago

> This would mean we don't need to include the LoginInfo.xml document? If not, I might suggest keeping it for users that, for some reason, want their own root to use. To remedy accidental password, include a !*/LoginInfo.xml set of lines in the gitignore. Thoughts?

On one hand, having this file is convenient, but not adding it in the repo puts the burden of having to create it on the user. I've looked around and there are tons of ways of dealing with that, but most of them are complex and unnecessarily secure: we are "simply" going to store public data and use MySQL as a tool, nothing in the database is secure.

After reading some, I like the solution posted here. We could do something like:

This way, you and I will be able to edit the information in the copy of the file without being tracked, the other users will have a way of inserting their credentials without being tracked, and GitHub will be able to use the default credentials.

Thoughts? Do you feel like implementing that? I can give it a go if you prefer to focus on matching.

aubertc commented 1 year ago

> I suppose I should ask if the GitHub action affects what users have to do/require any additional coding on my part. I'm not familiar with what a GitHub action does, but it reads like it's only what GitHub does to run and compile a program.

You can ignore it for now, and we can chat about it later on.

MNSleeper commented 1 year ago

I have ensured that the LoginInfo file is deleted from the repo, ignored by the gitignore, and not able to be added. Closing the issue now.