xkcd-Bucket

Move all but essential config options into database

Open dgw opened this issue 10 years ago • 3 comments

Discussion in #53 brought up the possibility of moving most of Bucket's options into the database.

Other than the DB connection details, what (if anything) should be left out? From a security standpoint, I'd say the following additional options should be stored in bucket.yml only:

  • bucketlog
  • control_channel
  • db_dsn
  • db_password
  • db_username
  • logchannel
  • logfile
  • main_channel
  • nick
  • nickserv_msg
  • nickserv_nick
  • password
  • plugin_dir
  • port
  • server
  • server_pass
  • ssl
  • www_root

Many of these could live in the database if secured in such a way that only the bot's owner could change them, and nobody else could even see the values (that goes triple for passwords).

Anyone have thoughts on this? One of my goals is to eventually learn enough Perl to actually effect this change myself, but until then we have some time to discuss.

dgw avatar Feb 04 '15 08:02 dgw

Wait, who else would have access to these things in the database? Ideally, I'd want just 'db_*' to remain in the yml.

zigdon avatar Feb 05 '15 19:02 zigdon

That would be ideal, but #52 reminded me that values settable with "Bucket: set x" can be changed by any bot op. To protect those settings, the permissions system would need an overhaul to include an "owner/admin" class with more privileges than normal ops, so some settings could be restricted to just those people.

dgw avatar Feb 05 '15 20:02 dgw

Yeah, not a bad idea to implement a 'password' field, which can only be SET in privmsg, and never read.

Also, the yml file should still support specifying irc server connection, otherwise bootstrapping becomes a problem. It'll be okay if the server settings from the database trump the yml ones, but if the DB doesn't have any, there has to be a way to initialize it. I suppose we could prompt on the console for details if the settings are missing, but that's a whole other can of worms.


zigdon avatar Feb 05 '15 20:02 zigdon
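
The rules discussed in this thread, sketched as an added example (not Bucket's own code): `db_*` stays in the yml, database values trump the yml with the yml as bootstrap fallback, some options are owner-only, and password fields are write-only and settable only in privmsg. The policy table, role names, function names and sample values are hypothetical.

```perl
use strict;
use warnings;

# Hypothetical policy table, not Bucket's schema. Option names come from the
# issue; an option with no entry is an ordinary op-settable database option.
my %POLICY = (
    (map { $_ => { yml_only => 1 } } qw(db_dsn db_username db_password)),
    (map { $_ => { owner_only => 1 } } qw(server port nick)),
    (map { $_ => { owner_only => 1, secret => 1 } } qw(password server_pass)),
);

# Effective value: the database trumps yml; yml is the bootstrap fallback.
sub effective {
    my ($yml, $db, $key) = @_;
    my $p = $POLICY{$key} || {};
    return $yml->{$key} if $p->{yml_only};
    return exists $db->{$key} ? $db->{$key} : $yml->{$key};
}

# $role is 'owner', 'op' or 'user'; $via is 'privmsg' or 'channel'.
sub try_set {
    my ($db, $role, $via, $key, $value) = @_;
    my $p = $POLICY{$key} || {};
    return 'denied: yml-only option' if $p->{yml_only};
    return 'denied: not an op' unless $role eq 'owner' || $role eq 'op';
    return 'denied: owner only' if $p->{owner_only} && $role ne 'owner';
    return 'denied: privmsg only' if $p->{secret} && $via ne 'privmsg';
    $db->{$key} = $value;
    return 'ok';
}

# Secrets are write-only: nobody, not even the owner, can read them back.
sub try_get {
    my ($yml, $db, $role, $key) = @_;
    my $p = $POLICY{$key} || {};
    return '(write-only)' if $p->{secret};
    return '(hidden)' if ($p->{owner_only} || $p->{yml_only}) && $role ne 'owner';
    return effective($yml, $db, $key) // '(unset)';
}

# Constructed sample data: a yml with bootstrap values and an empty database.
my %yml = (server => 'irc.example.net', port => 6667, db_dsn => 'dbi:mysql:bucket');
my %db;
print effective(\%yml, \%db, 'server'), "\n";    # nothing in the DB yet: yml fallback
print try_set(\%db, 'op',    'privmsg', 'server',   'irc2.example.net'), "\n";
print try_set(\%db, 'owner', 'channel', 'password', 'constructed-pw'), "\n";
print try_set(\%db, 'owner', 'privmsg', 'password', 'constructed-pw'), "\n";
print try_set(\%db, 'owner', 'privmsg', 'server',   'irc2.example.net'), "\n";
print effective(\%yml, \%db, 'server'), "\n";    # now the database value wins
print try_get(\%yml, \%db, 'owner', 'password'), "\n";
```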