RFC: quantmod::getSymbols.MySQL
On 10/29/2014 10:36 AM, Mark Knecht wrote:
On Wed, Oct 29, 2014 at 6:38 AM, Zachary Deane-Mayer <zach.mayer at gmail.com> wrote:
Hi Mark, It'd be a little cumbersome, but couldn't you also source() an R script at the start of your session that loads the parameters from .my.cnf and passes them to options()? Alternatively, maybe getSymbols.MySQL could look for a cnf_file option, and then if that is not present look for a username and password? -Zach
Hi Zach & Josh,
Yes, I'm sure there's lots of ways to do this, and as an individual
user just working by myself I'll be happy for anything that works.
That said, the nice security feature about the way it was done
before was TTBOMK the R environment never saw the MySQL username &
password. That was previously all done completely outside of R. R Asks
MySQL to get some data from a specific database. MySQL wasn't given a
username and password so it automatically accesses .my.cnf which is
secure. If it finds an entry with the right database name, then it
gets username and password from that file, gets the data from the
database and gives it back to R. If the username/password aren't there
the user can pass them explicitly (as I'm doing with this recent
change) or else he doesn't get access to that database.
Not being a user of the packages under discussion, other than RMySql (and assuming it is RMySQL you are talking about underneath), I am a bit confused about why you think this has been broken by changes to defaults? If anything, it seems to depend on R not doing anything, and letting the driver handle it. I still use this approach in my own packages that use RMySQL. I think it is the default if host/user/password are not explicitly specified in another way. I also believe it is generally considered the most secure approach because sensitive information is not left sitting around in more viewable places. Am I missing something (as usual)? Paul
But going beyond that model consider a C++/GTK application that
links calls to R under the hood using the Rinside package. (Something
I'm just starting to play with now.) I'm in a GTK-based GUI, using C++
code that runs R functions one of which is accessing MySQL to get
price data. The results are loaded by R, indicators are calculated and
I see them in my GTK GUI. Now, I send the compiled app to a friend.
How would MySQL work in that case? Today he just puts an entry in
.my.cnf on his machine and he's good to go. (NOTE: I'm not looking for
an answer to this specific issue. In my specific case I may access
MySQL from C and pass the data to R as it appears to be a lot faster.)
Anyway I don't think this is really a new feature. It's the
standard MySQL security model. It used to work and was broken by the
recent change to defaults. All that said I'll of course use what ever
gets supported. I'm just pointing out the issue, not trying to create
work for anyone.
Cheers,
Mark
_______________________________________________ R-SIG-Finance at r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-sig-finance -- Subscriber-posting only. If you want to post, subscribe first. -- Also note that this is not the r-help list where general R questions should go.