Go Down

Topic: YUN send data to sql via python (account & password) (Read 1 time) previous topic - next topic

joe970951

Hi.

I want to use python send data to sql. I have done this already.

However, I have a problem that is it possible to use arduino function such as process to add papmeter like IP address, account, password and table to python code. I just like another makers write these information in python code, but I think it is not security.

So, is there anyone can tell me how to do this?

Thank you.

Here is the arduino code
Code: [Select]

#include <Process.h>

void setup() {}

void loop() {
  Process p;
  p.begin("/usr/bin/python");     
  p.addParameter("/mnt/sda1/mysql.py");
  p.addParameter((String)100);
  p.addParameter((String)1); 
  p.addParameter((String)2);
  p.addParameter((String)3);
  p.addParameter((String)4);
  p.addParameter((String)6);
  p.addParameter((String)7); 
  p.addParameter((String)8);
  p.addParameter((String)9);
  p.run();
  delay(5000);
}


Here is python code
Code: [Select]

#!/usr/bin/python
# -*- coding: utf-8 -*-

import _mysql
import sys, string, os
import datetime
#print sys.argv


try:
        con =_mysql.connect('IP address', 'account', 'password', 'label')
        #con.query("SELECT VERSION()")
        #result = con.use_result()
        #print "MySQL version: %s" %  result.fetch_row()[0]
        sqlstr="INSERT INTO qu (nodeid,temp_in,humi_in,temp_out,humi_out,in,out,illumination,pressure,time) VALUES('" + sys.argv[1] +"','" + sys.argv[2] +"','" + sys.argv[3] +"','" + sys.argv[4] +"','" + sys.argv[5] +"','" + sys.argv[6] +"','" + sys.argv[7] + "','" + sys.argv[8] +"','" + sys.argv[9] +"',now())"
        #print  sqlstr
        con.query(sqlstr)

except _mysql.Error, e:
   
        print "Error %d: %s" % (e.args[0], e.args[1])
        sys.exit(1)

finally:
   
    if con:
        con.close()

ShapeShifter

I just like another makers write these information in python code, but I think it is not security.
What exactly is your concern, why do you think it is not secure?

That Python code is in a folder of sda1 that is not offered up by the web server, and is not publicly visible. The only way to see the contents of that file is by using SSH or SCP, both of which are secure and have their own authentication. If someone has the password for those services, then nothing on the Yun will be secure. Without it, unauthenticated users will not be able to see that Python file, and will therefore not be able to see that SQL authentication data.

Now, it's true that when writing a CGI script, for example in PHP, that you would want to put that authentication data in an include file that is read in from outside the web server folder hierarchy. That's because the CGI script file is in a folder that can be served up by the web server, and it would be possible for an unauthenticated user to view the CGI script source. By putting the secret data in an include file that cannot be served up, it provides a measure of security.

But that's not the case with your example Python script. It is not a CGI script, and not visible to an unauthenticated user. I don't see an issue with your example.

Am I off-base here and missing the point of your question?

sonnyyu


Go Up