Passwords

Hi,

Does anyone know how to store passwords securely?
I mean, we enter DB usr/pwd in the database.yml and the actionmailer
email usr/pwds in environment.rb
which i think is not safe, considering while development the code is
visible to all developers.

Do we have some mechanism to store all passwords in one place and
encrypt them and securely access through the system?

Thanks,
Pratik

tispratik wrote:


Hi,
Does anyone know how to store passwords securely?
I mean, we enter DB usr/pwd in the database.yml and the actionmailer
email usr/pwds in environment.rb
which i think is not safe, considering while development the code is
visible to all developers.
Do we have some mechanism to store all passwords in one place and
encrypt them and securely access through the system?
Thanks,
Pratik

If your only concern is with the developers having access to the
passwords set up a separate db and mail account for development use
with passwords that they can have access to. Another thought would be
to get reliable developers.

Don't keep database.yml in control version system (svn, cvs). In this
case - only developers who have access to production server - will
have access to it.

Thanks for the inputs Norm and Denix.

Thanks for the inputs Norm and Denix.

In addition to the comments of Norm and Denix, I would simply setup a staging server for developers to

push code to and allow them to have ( SVN | CVS | GIT ) access only. Also, they would also push code

to their own development branch for later merging into the production branch.

Good luck,

-Conrad