<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>Hi Joshua,</p>
<p><br>
</p>
<p>Agreed that the password should be removed from the URL being printed to the log. </p>
<p><br>
</p>
<p>The config.rb file is a ruby file that's interpreted by the application. So if you don't want the password stored in this file as text, you can always do something like store it in an environment variable, encrypt it, or store it a file in another location.
You should also lock down the file level permission on application, and you can also lock down the access to the MySQL to only allow specific users from specific IPs. </p>
<p><br>
</p>
<p>b,chris. <br>
</p>
<p><br>
</p>
<div id="Signature">
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<div class="BodyFragment"><font size="2">
<div class="PlainText">Chris Fitzpatrick | <font size="2">Developer, ArchivesSpace</font><br>
Skype: chrisfitzpat | Phone: 918.236.6048<br>
http://archivesspace.org/<br>
</div>
</font></div>
</div>
</div>
<br>
<br>
<div style="color: rgb(0, 0, 0);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> archivesspace_users_group-bounces@lyralists.lyrasis.org <archivesspace_users_group-bounces@lyralists.lyrasis.org> on behalf of Joshua D. Shaw
<Joshua.D.Shaw@dartmouth.edu><br>
<b>Sent:</b> Thursday, August 6, 2015 8:09 PM<br>
<b>To:</b> Archivesspace Users Group<br>
<b>Subject:</b> [Archivesspace_Users_Group] Turn off Logging of db username and password</font>
<div> </div>
</div>
<div>
<div>
<div>
<div>Does anyone know of a way to turn off the logging of the mysql database username and password in the output log? I've set my log level to "fatal" in the config file, but I still see the username and password. I'd love to know if there's away to remove
this as its (potentially) another security hole - along with having the username and password in clear text in the config file.</div>
<div><br>
</div>
<div>Thanks!</div>
<div>Joshua</div>
<div>
<div id="MAC_OUTLOOK_SIGNATURE"></div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>