0

I'd like to have a page in my rails application on which users can enter a mysql database ip, username and password. These credentials are safely stored somewhere and then rails connect to the database and can run some sql statements.

Where should I store the credentials and how can I connect to that database with Ruby on rails? There is no predefined models for that database and I don't need to use the active record modeling

Thanks!

Stephane Maarek
  • 5,202
  • 9
  • 46
  • 87

2 Answers2

2

Thats my first idea. Maybe that gives you a little idea how to. There are a few other ways, for sure.

Save the Data somewhere (inside a database) https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet Encrypt, decrypt using Rails

so now the u can set the password in save way User.password = "plaintext" and also you can receive it with User.password

class User
  # password field is called "crypted_password"
  def password= val
   self.crypted_password = 
    ActiveSupport::MessageEncryptor.new(Rails.configuration.secret_key_base).encrypt_and_sign(val)
  end

  def password
    ActiveSupport::MessageEncryptor.new(Rails.configuration.secret_key_base).decrypt_and_verify(self.crypted_password)
  end
end

user = User.find(1337)
mysql = DatabaseConnection.new user.host, user.username, user.password
result = mysql.get_users(50)
raise result.inspect

use the gem mysql2 for accessing mysql-databases https://github.com/brianmario/mysql2

create a DatabaseWrapper to connecto to users Database

class DatabaseConnection

  def initialize host, username, password
    @@connection = Mysql2::Client.new host: host, username: username, password: password
  end

  end
  def run statement
    @@connection.query statement
  end

  def get_users limit=100
   run "select * from users where flag=true limit #{limit}"
  end
end
Community
  • 1
  • 1
Tim Kretschmer
  • 2,272
  • 1
  • 22
  • 35
0

Probably you want one Rails app that has an app database, and also has a bunch of user databases. The user db credentials would be stored in the app database. You will want to store a hash of the db passwords, not the clear text.

For how to allow users to connect to their databases, I recommend searching with Google. I would look for examples from the internet of people using multiple databases in a rails app, and how they do the connection logic. You might be able to work it out from there, or after trying post a more detailed and specific question on SO.

Also I would look for whether there is a limit on the number of databases you can have or the number of database connections that can be happening at once. These limitations might be imposed by the server you use, if not by rails or the underlying db software.

Toby 1 Kenobi
  • 4,717
  • 2
  • 29
  • 43
  • if he is hashing it, he has no chance to revert it. plaintext is obv really bad, he could use something like this http://stackoverflow.com/questions/5492377/encrypt-decrypt-using-rails – Tim Kretschmer Sep 13 '15 at 02:52
  • Using a hash for passwords is common practice. The fact that no one can retrieve a password without knowing what it is adds to the security of it. But it does mean he'll have to set up a verification system for forgotten password changing. – Toby 1 Kenobi Sep 13 '15 at 03:16
  • no. u use a hash to then use the hash(input_from_user) == hashed_password. but here its clear that you can't go hashing, since you can't revert it, and the user doesnt type in his password again. just once. – Tim Kretschmer Sep 13 '15 at 03:34