http://forums.scoutapp.com/forums/2/topics/13 en-us 60 <p>A couple of ideas:</p> <p>A. Have the plugin read the password from a file off the disk. For each machine Scout is monitoring, put that password file somewhere only the Scout client user has access to.</p> <p>B. Set the DB password in an environment variable in the Scout user&#8217;s crontab, or just in the crontab line for Scout. Use the password from env in your plugin script.</p> Thu, 08 May 2008 18:44:36 -0000 forums.scoutapp.com:2:13:34 rafi http://forums.scoutapp.com/forums/2/topics/13 <p>Of course, I found the &#8220;How does Scout approach security?&#8221; mere minutes after posting this. :-) I think that answers most of my questions. Still not quote confident that I want DB passwords in my plugins. Anyone else have a favorite solution to that issue?</p> Wed, 07 May 2008 21:32:17 -0000 forums.scoutapp.com:2:13:33 wkoffel http://forums.scoutapp.com/forums/2/topics/13 <p>What can the admins tell us about plugin security? For example, I&#8217;d like to execute some DB queries directly in a plugin (not necessary to load my whole Rails environment). But to do that, I&#8217;d need a DB password in the plugin.</p> <p>I haven&#8217;t sniffed to see, but are the connections that the scout client makes encrypted?</p> <p>How about the security of the plugin store at scoutapp.com? Would it be inadvisable to store proprietary information in a plugin to be distributed by the scout server?</p> Wed, 07 May 2008 21:23:23 -0000 forums.scoutapp.com:2:13:32 wkoffel http://forums.scoutapp.com/forums/2/topics/13