How to handle DB passwords in R connection strings?
Solution 1
Here is a piece of example code that uses the tcltk package to prompt for a password while hiding the actual value:
library(tcltk)
tt <- tktoplevel()
pass <- tclVar()
tkpack(tklabel(tt,text='Password:'))
tkpack(tkentry(tt,textvariable=pass,show='*'))
tkpack(tkbutton(tt,text="Done",command=function()tkdestroy(tt)))
tkwait.window(tt)
tclvalue(pass)
In this case it just prints out the unhidden password at the end, but you could wrap this in a function to return that value, then use that as the value for the password argument. Or you could put this and the connect call (with the tclvalue line as the password) inside a call to local
so that the variable containing the password disappears as soon as it is used.
Edit
For RStudio and RStudio server there is a function .rs.askForPassword
. Use it like:
psswd <- .rs.askForPassword("Database Password:")
con <- dbConnect(MySQL(), user="root", password=psswd,
dbname="research_db", host="localhost",
client.flag=CLIENT_MULTI_STATEMENTS)
Solution 2
So I like the solution of using the config file - that is a great answer. There are also some good comments on the password prompting answer that led me to this solution:
conn <- dbConnect(drv, "jdbc:sqlserver://host:port", 'username', password=.rs.askForPassword("Enter password:"))
Solution 3
I have a different solution for the same problem, which doesn't require the user to type in their password every time they are connecting. I'm using the .my.cnf file functionality. Basically every user has a .my.cnf file in the root of their RStudio Server home directory which contains their password(s) to all MySQL databases, so in the R script I just refer to the database through the 'group' functionality.
R scripts:
library("RMySQL")
m <- dbDriver("MySQL")
# connect using .my.cnf
con <- dbConnect(m, group = "theDatabase")
.my.cnf file:
[client]
user = userName
host = mysql.server.com
password = MyPassword
[theDatabase]
database = hr
[theDatabase2]
user = opto
database = opto
password = pure-light
host = merced
Matt Bannert
Data Science and Analytics Engineer Engineer. Global coordinator for @_useRconf. Creator of Hacking for Social Sciences. Talks stats, hoops and trash.
Updated on June 18, 2022Comments
-
Matt Bannert almost 2 years
Though I don't know what the SO quorum would be, the question itself is simple: How do y'all handle passwords in db connection string when you connect to a database from R?
Tutorials often show an example like this.
con <- dbConnect(MySQL(), user="root", password="test", dbname="research_db", host="localhost", client.flag=CLIENT_MULTI_STATEMENTS)
If the database is indeed your experimental localhost, this might be somewhat realistic. However if you use it with multiple users on a server you might not want to expose the db credentials like this. Particularly when combining RStudio Server with a SQL database you might want to do something encrypted. What is your experience?
-
Matt Bannert over 11 yearscool idea, something in the back of mind doubts though that
tcltk
works withRStudio server
. Could you imagine a solution with readline that also hides the pw? -
Greg Snow over 11 yearsOops, I missed the 'server' part of the question. This will work on a local machine, but I doubt over the web. There are ways to get an encrypted/hidden password via .cgi scripts, so possibly the server could send a .cgi to pop up a browser window to get the password, but that is beyond my experience to comment on. I doubt that readline will work, because it uses the interface to get the information, this needs to be programmed at the interface level, not the readline level.
-
Matt Bannert over 11 yearsAnyway this was a helpful answer, +1. Making people enter their password is a good suggestion no matter how it's implemented.
-
Matt Bannert over 9 yearsthere is a nice solution for the server part to if you use rstudio server you can use
.rs.askForPassword
. Entering password interactively is definitely a good suggestion. -
Lazarus Thurston almost 7 yearstcltk package seems unavailable for download. What is the library name?
-
Lazarus Thurston almost 7 years2017: the
dbDriver
function is deprecated. Still looking for a solution. -
Greg Snow almost 7 years@sanjmeh, the tcltk package should have been installed with R, no need to download it.
-
Greg Snow almost 7 years@MattBannert, Rstudio has a solution for this now, see the edit above.