Do not expose the password in workers' url by storing it in an environment variable

8cb2bdf9 · Leo Gordon · 0b57242e · 8cb2bdf9 · 8cb2bdf9
Commit 8cb2bdf9 authored 12 years ago by Leo Gordon
--- a/modules/Bio/EnsEMBL/Hive/Extensions.pm
+++ b/modules/Bio/EnsEMBL/Hive/Extensions.pm
@@ -29,36 +29,38 @@

 use strict;

-#use Bio::EnsEMBL::Utils::Exception;
-#use Bio::EnsEMBL::Analysis;
 use Bio::EnsEMBL::DBSQL::DBConnection;
-#use Bio::EnsEMBL::Hive::URLFactory;


 =head2 Bio::EnsEMBL::DBSQL::DBConnection::url

-  Arg [1]    : none
+  Arg [1]    : String $environment_variable_name_to_store_password_in (optional)
  Example    : $url = $dbc->url;
-  Description: Constructs a URL string for this database connection. Follows
-               the format defined for FTP urls and adopted by
-               
+  Description: Constructs a URL string for this database connection.
  Returntype : string of format  mysql://<user>:<pass>@<host>:<port>/<dbname>
+                             or  sqlite:///<dbname>
  Exceptions : none
  Caller     : general

 =cut

 sub Bio::EnsEMBL::DBSQL::DBConnection::url {
-  my $self = shift;
-
-  return undef unless($self->driver and $self->dbname);
+  my ($self, $psw_env_var_name) = @_;

  my $url = $self->driver . '://';

  if($self->username) {
    $url .= $self->username;
-    $url .= ":".$self->password if($self->password);
-    $url .= "@";
+
+    if(my $psw_expression = $self->password) {
+        if($psw_env_var_name) {
+            $ENV{$psw_env_var_name} = $psw_expression;
+            $psw_expression = '${'.$psw_env_var_name.'}';
+        }
+        $url .= ':'.$psw_expression if($psw_expression);
+    }
+
+    $url .= '@';
  }
  if($self->host) {
    $url .= $self->host;

--- a/scripts/beekeeper.pl
+++ b/scripts/beekeeper.pl
@@ -144,12 +144,13 @@ sub main {
             and $self->{'db_conf'}->{'-user'}
             and $self->{'db_conf'}->{'-dbname'}) { # connect to database specified
                    $self->{'dba'} = Bio::EnsEMBL::Hive::DBSQL::DBAdaptor->new( %{$self->{'db_conf'}} );
-                    $self->{'url'} = $self->{'dba'}->dbc->url;
    } else {
        print "\nERROR : Connection parameters (reg_conf+reg_alias, url or dbhost+dbuser+dbname) need to be specified\n\n";
        script_usage(1);
    }

+    $self->{'safe_url'} = $self->{'dba'}->dbc->url('WORKER_PASSWORD');
+
    my $queen = $self->{'dba'}->get_Queen;

    my $pipeline_name = destringify(
@@ -297,7 +298,7 @@ sub generate_worker_cmd {
    if ($self->{'reg_alias'}) {     # then we pass the connection parameters:
        $worker_cmd .= ' -reg_alias '. $self->{'reg_alias'};
    } else {
-        $worker_cmd .= ' -url '. $self->{'url'};
+        $worker_cmd .= ' -url '. $self->{'safe_url'};
    }

    foreach my $worker_option ('job_limit', 'life_span', 'retry_throwing_jobs', 'compile_module_once', 'hive_log_dir', 'debug') {