Hi,

Here is the use case...
We provide a phpmyadmin interface to access data bases used by hosted sites in Aegir. The clients don't have shell access, so they cannot use drush to connect to the DB neither to get their username/password to use them with phpmyadmin. The only interfaces they have are Aegir's frontend (web interface) and their Drupal site. They would like to know their DB username/password so they can log in phpmyadmin. Even if we manually give this information, it would change everytime we migrate their site.

One solution would be this Drupal module:
Robin Millette's sandbox: DB Login
http://drupal.org/sandbox/millette/1157114
But this module sends the information through their Drupal site, in clear text.

Would it be possible to think about a way to include the idea of this module directly into Aegir, so every site would be able to get their DB username/password through Aegir's frontend (web interface) which is available (forced) through HTTPS?

Comments

j0nathan’s picture

j0nathan CreditAttribution: j0nathan commented

My use case is like #1139324: Easy way to find database username/login.

Robin Millette’s picture

Robin Millette CreditAttribution: Robin Millette commented

Not knowing enough about aegir, I can point to http://wiki.phpmyadmin.net/pma/Auth_types providing better pma integration. I would like to know more about aegir to fix this. You know where to find me :)

anarcat’s picture

anarcat CreditAttribution: anarcat commented
Status: Active » Postponed (maintainer needs more info)

I am hesitant in implementing this. It would mean adding cleartext passwords for *all* sites in the frontend database, which would grow the database and potentially make it more vulnerable...

I prefer to provide Robin's module to sites so they can enable it themselves... No?

ergonlogic’s picture

ergonlogic
he/him
Primary language English
Location Montréal, Québec 🇨🇦
CreditAttribution: ergonlogic commented
Version: 6.x-0.4-alpha3 » 6.x-2.x-dev
Status: Postponed (maintainer needs more info) » Fixed

Keeping all the site DB credentials in the Aegir front-end just seems like asking for trouble. So, I implemented a solution using dblogin.module: https://drupal.org/project/hosting_dblogin. It basically just checks to see whether dblogin is installed and enabled on a site, and if so, provides a link to the /admin/dblogin page on the site. It should work with SSL if it's enabled on the site, but I haven't been able to test this yet.

As such, I'm closing this feature request, and any missing features (etc.) can be discussed over in the contrib module's issue queue.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.