Skip to content

Secure DB config + Parameterized SQL + Unified schema (env-based) #421

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Secure DB config + Parameterized SQL + Unified schema (env-based) #421

wants to merge 3 commits into from

Conversation

@anmolecule94
Copy link

@anmolecule94 anmolecule94 commented Aug 18, 2025

This PR addresses security and reliability issues around DB configuration and SQL usage.

Changes:

Move DB config to env variables via software/db_config.py (dotenv support).
Add .env.example for contributors.
Parameterize SQL queries in software/manage_data.py; eliminate string interpolation.
Ensure DB selection via DB_NAME; main and manage_data now CREATE/USE configured DB.
Align software/report.py with shared schema (tables user/finance) and use db_config.
Why:

Prevent hardcoded credentials and inconsistent schemas.
Eliminate SQL injection risks.
Make local setup reproducible and safer.
Testing:

Ran through login/insert/delete paths with a local MySQL; verified tables are created in DB_NAME and queries succeed.
Follow-ups:

Consider parameterizing remaining queries in software/main.py UI if any remain in other branches.
Optionally add unit tests for encrypt/decrypt and DB helpers.

cursoragent and others added 3 commits August 18, 2025 08:24
@cursoragent @anmolecule94
Checkpoint before follow-up message
64cdfc4 
Co-authored-by: anmolsinghmsd <anmolsinghmsd@gmail.com>
@cursoragent
Security: move DB config to env via db_config; parameterize SQL in ma…
48944fa 
…nage_data; use unified DB_NAME; add .env.example. Also align report.py with shared schema and db_config, and update main to use configured DB.
@cursoragent
Docs: add Contributor Covenant CODE_OF_CONDUCT.md
d3b069a
@github-actions
Copy link
Contributor

github-actions bot commented Aug 18, 2025

🎉 Thank you for your contribution! Your pull request has been submitted successfully. A maintainer from team will review it soon. We appreciate your support in making better.

@netlify
Copy link

netlify bot commented Aug 18, 2025
edited
Loading

Deploy Preview for multiverse-dataverse ready!

Name Link
🔨 Latest commit d3b069a
🔍 Latest deploy log https://app.netlify.com/projects/multiverse-dataverse/deploys/68a2e4cc8ceed90008df7779
😎 Deploy Preview https://deploy-preview-421--multiverse-dataverse.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

github-actions[bot]
github-actions bot reviewed Aug 18, 2025
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉 Thank you for your contribution! Your pull request has been submitted successfully. A maintainer from Dataverse will review it soon. We appreciate your support in making this project better.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@anmolecule94 @cursoragent