Secure DB config + Parameterized SQL + Unified schema (env-based)#421
Open
anmolecule94 wants to merge 3 commits intomultiverseweb:mainfrom
Open
Conversation
Loading
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR addresses security and reliability issues around DB configuration and SQL usage.
Changes:
Move DB config to env variables via software/db_config.py (dotenv support).
Add .env.example for contributors.
Parameterize SQL queries in software/manage_data.py; eliminate string interpolation.
Ensure DB selection via DB_NAME; main and manage_data now CREATE/USE configured DB.
Align software/report.py with shared schema (tables user/finance) and use db_config.
Why:
Prevent hardcoded credentials and inconsistent schemas.
Eliminate SQL injection risks.
Make local setup reproducible and safer.
Testing:
Ran through login/insert/delete paths with a local MySQL; verified tables are created in DB_NAME and queries succeed.
Follow-ups:
Consider parameterizing remaining queries in software/main.py UI if any remain in other branches.
Optionally add unit tests for encrypt/decrypt and DB helpers.