error on importing variable value

[int32bit]

I can't figure out why this doesn't work. Any ideas appreciated.

conn = MySQLdb.connect (db = "vocab")
cursor = conn.cursor ()
cursor.execute ("SELECT VERSION()")
row = cursor.fetchone ()
print "server version:", row[0]
cursor.close ()
conn.close ()

gives:

server version: 5.0.44-log

but

import defs
conn = MySQLdb.connect (defs.connect)
cursor = conn.cursor ()
cursor.execute ("SELECT VERSION()")
row = cursor.fetchone ()
print "server version:", row[0]
cursor.close ()
conn.close ()

where defs.py is

connect = 'db = "vocab"'

gives:

Traceback (most recent call last):
File "./add_words", line 17, in ?
conn = MySQLdb.connect (defs.connect)
File "/usr/lib/python2.4/site-packages/MySQLdb/__init__.py", line
74, in Connect
return Connection(*args, **kwargs)
File "/usr/lib/python2.4/site-packages/MySQLdb/connections.py",
line 170, in __init__
super(Connection, self).__init__(*args, **kwargs2)
_mysql_exceptions.OperationalError: (2005, 'Unknown MySQL server host
\'db = "vocab"\' (3)')

 

[CS]

I'm new to programming and I'm trying to find some answers. I wrote a few
python cgi scripts for my website all of which access a mysql db on
'localhost'. My question is, Is it a bad idea to have my username and
password for my db coded in my script? Is there a better way to make sure
that information can't be acessed? Obviously I wan't to make sure that my
*.py can't be downloaded from /cgi-bin and give anyone access to my db's.

Cory

 

[Dennis Lee Bieber]

I can't figure out why this doesn't work. Any ideas appreciated.

conn = MySQLdb.connect (db = "vocab")

This is a keyword parameter association, the parameter named "db" is
given the string value "vocab".

import defs
conn = MySQLdb.connect (defs.connect)
where defs.py is

connect = 'db = "vocab"'

This is a string. You'd get the same error using:

conn = MySQLdb.connect('db="vocab"')

as you are giving the entire string to whatever the first defined
parameter in .connect() is...

Change defs.py to:

-=-=-=-=-
connect = { "db" : "vocab" }

and change the connection to read:

-=-=-=-=-
conn = MySQLdb.connect(**defs.connect)

to force keyword unpacking of the dictionary



--
Wulfraed Dennis Lee Bieber KD6MOG
(e-mail address removed) (e-mail address removed)
HTTP://wlfraed.home.netcom.com/
(Bestiaria Support Staff: (e-mail address removed))
HTTP://www.bestiaria.com/

 

[Dennis Lee Bieber]

First off, you appear to have piggy-backed onto another thread, even
though you think you changed the subject line it still threaded as part
of the previous message. You should have posted a NEW message, not a
REPLY.

I'm new to programming and I'm trying to find some answers. I wrote a few
python cgi scripts for my website all of which access a mysql db on
'localhost'. My question is, Is it a bad idea to have my username and
password for my db coded in my script? Is there a better way to make sure
that information can't be acessed? Obviously I wan't to make sure that my
*.py can't be downloaded from /cgi-bin and give anyone access to my db's.

Well... lets see... First step would be to lock up cgi-bin so that
the web server can access/execute the contents, but stray browsers can
not open the directory to view the contents. That is:

http://some.where/cgi-bin

should return something like a 404 error or "no privilege to view
directory"... This way, only specifying something like

http://some.where/cgi-bin/a-script

can get in -- and since that /runs/ the script on the server side, the
browser has to know the name of the script, and they only receive
whatever the script generates for them. Ensure the CGI-BIN directory can
not be accessed by FTP (especially not by anonymous FTP; require a
username/password -- even if FTP is not considered all that secure these
days with plain text logins).

Second step... Lock up the MySQL server so that it only accepts
local users, no access from across the network... so...
account@localhost has access, account@* is blocked BY MySQL itself.

Third step... Create a MySQL user with only the privileges needed to
run your CGI script (if all the scripts do is retrieve data, having an
account with only "select" capability on only the limited tables needed,
means even if someone finds the CGI file and extracts the account all
they can do is read -- and you already give them that with the scripts
anyway).

Cory

--
Wulfraed Dennis Lee Bieber KD6MOG
(e-mail address removed) (e-mail address removed)
HTTP://wlfraed.home.netcom.com/
(Bestiaria Support Staff: (e-mail address removed))
HTTP://www.bestiaria.com/

 

[Gabriel Genellina]

I can't figure out why this doesn't work. Any ideas appreciated.

conn = MySQLdb.connect (db = "vocab")
cursor = conn.cursor ()
cursor.execute ("SELECT VERSION()")
row = cursor.fetchone ()
print "server version:", row[0]
cursor.close ()
conn.close ()

gives:

server version: 5.0.44-log

but

import defs
conn = MySQLdb.connect (defs.connect)
[...]
where defs.py is

connect = 'db = "vocab"'

gives:

Traceback (most recent call last):
        _mysql_exceptions.OperationalError: (2005, 'Unknown MySQL server host
\'db = "vocab"\' (3)')

Try this:

defs.py:
dbname = "vocab"

import defs
conn = MySQLdb.connect(db=defs.dbname)

BTW, please read the Style Guide at http://www.python.org/dev/peps/pep-0008
- in particular, I feel space before an opening parens rather
annoying. But it's just a matter of style.

 

[int32bit]

This is a keyword parameter association, the parameter named "db" is
given the string value "vocab".



This is a string. You'd get the same error using:

conn = MySQLdb.connect('db="vocab"')

as you are giving the entire string to whatever the first defined
parameter in .connect() is...

Change defs.py to:

-=-=-=-=-
connect = { "db" : "vocab" }

and change the connection to read:

-=-=-=-=-
conn = MySQLdb.connect(**defs.connect)

to force keyword unpacking of the dictionary

--
Wulfraed Dennis Lee Bieber KD6MOG
(e-mail address removed) (e-mail address removed)
HTTP://wlfraed.home.netcom.com/
(Bestiaria Support Staff: (e-mail address removed))
HTTP://www.bestiaria.com/

Thanks. This works great. As a side note, it can also be extended so
that if defs.py is

connect = { "host" : "localhost", "user" : "joey", "db" : "vocab" }

the MySQLdb.connect(**defs.connect) still works.