However, when it comes to passwords, things get a little bit complicated… Obviously, you don’t want to make public your freemysql account’s username and password. And since c9 workspaces are public, simply storing the connection information in the config is not a good idea.
Do you have any ideas on how to target that problem?
I was thinking about a pre-loaded component, that asks for DB connection information, initializing the DB component and storing the required data in a cookie or in session. Sessions don’t seem to work currently (no idea why), so maybe I have to use the DB as session store (which means I can’t store connection data in session, because I can’t access session without those info). So maybe cookies really are the only way to provide the required information with every request.
Now, however I send connection info to c9 (with every request when using the cookie solution, or only with the first request when using the session solution), how can I secure the data? Obviously, it should be encrypted when sending it over the wire (c9 doesn’t provide https). But the server side has to decrypt it to open the db connection. Since the workspace is open for everyone, everyone can lookup what algorithm is used to (en)crypt the data and also what “secret” is used when (de)crypting the data.
Feels like running in circles… Do you have an idea how it can probably be solved?