Fix up the password handling in db.py so we connect as a writeable user
locally, and a read-only user from the CGI scripts. Some vague semblences of
security
Signed-off-by: Martin J. Bligh <mbligh@google.com>
git-svn-id: http://test.kernel.org/svn/autotest/trunk@690 592f7852-d20e-0410-864c-8624ca9c26a4
diff --git a/tko/db.py b/tko/db.py
index 375e6b8..f696a42 100644
--- a/tko/db.py
+++ b/tko/db.py
@@ -1,15 +1,19 @@
import MySQLdb, re, os, sys
-tko_host = ''
-tko_user = ''
-tko_passwd = ''
-tko_db = 'tko'
-
class db:
- def __init__(self, debug = False):
+ def __init__(self, database='tko', host='localhost', debug = False):
self.debug = debug
- self.con = MySQLdb.connect(host=tko_host, user=tko_user,
- passwd=tko_passwd, db=tko_db)
+
+ try:
+ login = open('.login', 'r')
+ user = login.readline().rstrip()
+ password = login.readline().rstrip()
+ except:
+ user = 'nobody'
+ password = ''
+
+ self.con = MySQLdb.connect(host=host, user=user,
+ passwd=password, db=database)
self.cur = self.con.cursor()
# if not present, insert statuses