Menu
Though I don't know what the SO quorum would be, the question itself is simple: How do y'all handle passwords in db connection string when you connect to a database from R?
Tutorials often show an example like this.
con <- dbConnect(MySQL(), user="root", password="test",
dbname="research_db", host="localhost",
client.flag=CLIENT_MULTI_STATEMENTS)
If the database is indeed your experimental localhost, this might be somewhat realistic. However if you use it with multiple users on a server you might not want to expose the db credentials like this. Particularly when combining RStudio Server with a SQL database you might want to do something encrypted. What is your experience?
769
The best way to secure the database connection string is to encrypt the value within the configuration file. The application would then load the encrypted value from the config file, decrypt the value, and then use the decrypted value as the connection string to connect to the database.
Connection strings can be stored as key/value pairs in the connectionStrings section of the configuration element of an application configuration file. Child elements include add, clear, and remove.
Here is a piece of example code that uses the tcltk package to prompt for a password while hiding the actual value:
library(tcltk)
tt <- tktoplevel()
pass <- tclVar()
tkpack(tklabel(tt,text='Password:'))
tkpack(tkentry(tt,textvariable=pass,show='*'))
tkpack(tkbutton(tt,text="Done",command=function()tkdestroy(tt)))
tkwait.window(tt)
tclvalue(pass)
In this case it just prints out the unhidden password at the end, but you could wrap this in a function to return that value, then use that as the value for the password argument. Or you could put this and the connect call (with the tclvalue line as the password) inside a call to local so that the variable containing the password disappears as soon as it is used.
Edit
For RStudio and RStudio server there is a function .rs.askForPassword. Use it like:
psswd <- .rs.askForPassword("Database Password:")
con <- dbConnect(MySQL(), user="root", password=psswd,
dbname="research_db", host="localhost",
client.flag=CLIENT_MULTI_STATEMENTS)
So I like the solution of using the config file - that is a great answer. There are also some good comments on the password prompting answer that led me to this solution:
conn <- dbConnect(drv, "jdbc:sqlserver://host:port", 'username', password=.rs.askForPassword("Enter password:"))
I have a different solution for the same problem, which doesn't require the user to type in their password every time they are connecting. I'm using the .my.cnf file functionality. Basically every user has a .my.cnf file in the root of their RStudio Server home directory which contains their password(s) to all MySQL databases, so in the R script I just refer to the database through the 'group' functionality.
R scripts:
library("RMySQL")
m <- dbDriver("MySQL")
# connect using .my.cnf
con <- dbConnect(m, group = "theDatabase")
.my.cnf file:
[client]
user = userName
host = mysql.server.com
password = MyPassword
[theDatabase]
database = hr
[theDatabase2]
user = opto
database = opto
password = pure-light
host = merced
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
