[Nitro] sqlserver.rb patch

Brian Takita brian.takita at gmail.com
Fri Jun 3 16:27:46 EDT 2005


Hello,

Here is a patch that adds integrated security to sql server connections.
Putting id/passwords in source files can be a security vulnerability which 
integrated security fixes.

Integrated security is an "essential" feature, or at least a best practice, 
to many shops that use Sql Server. I hope integrated security gets added to 
the main distribution in some form or another.

Thank you,
Brian Takita

--- sqlserver.orig.rb 2005-06-03 13:13:15.796875000 -0700
+++ sqlserver.rb 2005-06-03 13:15:20.187500000 -0700
@@ -86,7 +86,14 @@
super

begin
- @conn = DBI.connect("DBI:ADO:Provider=SQLOLEDB;Data 
Source=#{options[:address]};Initial Catalog=#{options[:name]};User 
Id=#{options[:user]};Password=#{options[:password]};")
+ conn_str = "DBI:ADO:Provider=SQLOLEDB;Data 
Source=#{options[:address]};Initial Catalog=#{options[:name]};"
+ if config[:integrated_security] == true
+ conn_str += "Integrated Security=SSPI;"
+ else
+ conn_str += "User Id=#{options[:user]};Password=#{options[:password]};"
+ end
+ 
+ @conn = DBI.connect(conn_str)
rescue => ex
# gmosx, FIXME: drak, fix this!
if ex.to_s =~ /database .* does not exist/i
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://rubyforge.org/pipermail/nitro-general/attachments/20050603/cd2f4869/attachment.html 


More information about the Nitro-general mailing list