Plugin security


 
Will Koffel 3 post(s)

What can the admins tell us about plugin security? For example, I’d like to execute some DB queries directly in a plugin (not necessary to load my whole Rails environment). But to do that, I’d need a DB password in the plugin.

I haven’t sniffed to see, but are the connections that the scout client makes encrypted?

How about the security of the plugin store at scoutapp.com? Would it be inadvisable to store proprietary information in a plugin to be distributed by the scout server?

 
Will Koffel 3 post(s)

Of course, I found the “How does Scout approach security?” mere minutes after posting this. :-) I think that answers most of my questions. Still not quite confident that I want DB passwords in my plugins. Anyone else have a favorite solution to that issue?

 
Rafi Jacoby 3 post(s)

A couple of ideas:

A. Have the plugin read the password from a file off the disk. For each machine Scout is monitoring, put that password file somewhere only the Scout client user has access to.

B. Set the DB password in an environment variable in the Scout user’s crontab, or just in the crontab line for Scout. Use the password from env in your plugin script.
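The two options above, combined into one lookup helper a plugin script could call. This is an added example, not part of the original posts and not Scout's own code; the variable name `SCOUT_DB_PASSWORD`, the helper names and the sample values are assumptions made for illustration.

```ruby
require "tempfile"

# Hypothetical variable name, as it would be set on the Scout crontab line.
ENV_VAR = "SCOUT_DB_PASSWORD"

class InsecureSecretFile < StandardError; end

# Option A: read the password from a file, but refuse it unless it is a
# regular file owned by the user running the plugin with no group/other
# permission bits. The checks run on the already-opened handle, so the file
# cannot be swapped between the check and the read.
def password_from_file(path)
  File.open(path, "r") do |f|
    st = f.stat
    raise InsecureSecretFile, "#{path}: not a regular file" unless st.file?
    raise InsecureSecretFile, "#{path}: not owned by uid #{Process.euid}" unless st.uid == Process.euid
    unless (st.mode & 0o077).zero?
      raise InsecureSecretFile, format("%s: mode %04o allows group/other access", path, st.mode & 0o7777)
    end
    f.read.chomp
  end
end

# Option B is tried first (environment), then option A (file on disk).
def db_password(env: ENV, path: nil)
  value = env[ENV_VAR]
  return value unless value.nil? || value.empty?
  raise ArgumentError, "#{ENV_VAR} is unset and no password file was given" if path.nil?
  password_from_file(path)
end

# Constructed demonstration: a throwaway file stands in for the password file.
def demo
  results = {}
  Tempfile.create("scout_db_pw") do |f|
    f.write("s3cret-constructed\n")
    f.flush
    File.chmod(0o600, f.path) # readable by the owner only: accepted
    results[:owner_only] = db_password(env: {}, path: f.path)
    File.chmod(0o644, f.path) # readable by everyone: rejected
    results[:world_readable] = begin
      db_password(env: {}, path: f.path)
    rescue InsecureSecretFile => e
      e.class.name
    end
  end
  results[:from_env] = db_password(env: { ENV_VAR => "from-cron-env" })
  results
end

p demo if __FILE__ == $PROGRAM_NAME
```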