All posts by bcarter

Using Environment Variables for Database Credentials

This is not a security discussion

Where to store the database credentials for an app is a long-running discussion that depends on many things: what app server is being used, what OS, how sensitive the data is and, of course, how much time and money is available to invest (a bad reason to skip security).

In my opinion, if a hacker can get far enough into your systems to pull down your files (application code, config files or others), they will be able to find the DB credentials for the app.

It comes down to the point that the information is accessible to your application somehow.  If they breach far enough to get your code or config files, they will be able to find and attack that method.

There are many solutions out there and some are quite good, so I’m not going to get into the best way to secure a system.

Using environment variables is relatively simple.

Example

Setting environment variables on Linux

or on Windows

Then in Python using the os package

Or in Ruby using ENV

Setting the variables on the command line like this is temporary for the current session.  Consult your OS instructions for a more permanent method if needed.
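A fuller version of the Python lookup, as an added example rather than the post's original snippet: it fails at startup when a variable is unset or empty and keeps the password out of the object's repr. The variable names DB_USER, DB_PASSWORD and DB_CONNECT_STRING and the sample values are assumptions made for this example.

```python
import os
from dataclasses import dataclass, field


class MissingCredentialError(RuntimeError):
    """Raised when a required environment variable is unset or empty."""


@dataclass(frozen=True)
class DbCredentials:
    user: str
    connect_string: str
    # repr=False keeps the password out of logs that print the object.
    password: str = field(repr=False)


def load_db_credentials(environ=os.environ, prefix="DB_"):
    """Read credentials from the environment and refuse to continue on gaps.

    A different prefix (hypothetical, e.g. "TEST_DB_") selects another
    database without touching source code or config files.
    """
    names = {key: prefix + key for key in ("USER", "PASSWORD", "CONNECT_STRING")}
    missing = sorted(n for n in names.values() if not environ.get(n, "").strip())
    if missing:
        # Report variable names only, never their values.
        raise MissingCredentialError("unset or empty: " + ", ".join(missing))
    return DbCredentials(
        user=environ[names["USER"]],
        connect_string=environ[names["CONNECT_STRING"]],
        password=environ[names["PASSWORD"]],
    )


# Constructed sample environment (not real credentials).
SAMPLE_ENV = {
    "DB_USER": "app",
    "DB_PASSWORD": "example-not-a-real-password",
    "DB_CONNECT_STRING": "192.168.52.101/orcl",
}

if __name__ == "__main__":
    print(load_db_credentials(SAMPLE_ENV))  # password is not shown
    try:
        load_db_credentials({"DB_USER": "app"})
    except MissingCredentialError as exc:
        print("startup refused:", exc)
```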

Why?

There are a couple reasons I prefer this method over hard-coding or config files.

Accidental commits
vs
Which would you rather ‘accidentally’ push to GitHub?
I could expand on this but I think that covers it.
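The contrast above can be turned into a check that runs before a commit. This is an added example, not code from the original post; the credential-name pattern and both sample snippets are constructed for illustration.

```python
import ast
import re

# Names that usually hold a credential (heuristic chosen for this example).
SECRET_NAME = re.compile(r"pass(word|wd)?|pwd|secret|token", re.IGNORECASE)


def _is_literal(node):
    """True for a non-empty string literal, i.e. a value typed into the source."""
    return (isinstance(node, ast.Constant)
            and isinstance(node.value, str)
            and node.value != "")


def find_hardcoded_credentials(source, filename="<string>"):
    """Return sorted (line, name) pairs where a credential-like name
    is given a string literal, by assignment or as a keyword argument."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Assign) and _is_literal(node.value):
            for target in node.targets:
                if isinstance(target, ast.Name) and SECRET_NAME.search(target.id):
                    findings.append((node.lineno, target.id))
        elif isinstance(node, ast.Call):
            for kw in node.keywords:
                # kw.arg is None for **kwargs, which cannot be checked here.
                if kw.arg and SECRET_NAME.search(kw.arg) and _is_literal(kw.value):
                    findings.append((kw.value.lineno, kw.arg))
    return sorted(findings)


# Constructed sample inputs: the two styles the post contrasts.
HARD_CODED = '''
db_user = "app"
db_password = "example-not-a-real-password"
conn = connect(user=db_user, password="example-not-a-real-password")
'''

FROM_ENVIRONMENT = '''
import os
db_user = os.environ["DB_USER"]
db_password = os.environ["DB_PASSWORD"]
conn = connect(user=db_user, password=db_password)
'''

if __name__ == "__main__":
    print(find_hardcoded_credentials(HARD_CODED))
    print(find_hardcoded_credentials(FROM_ENVIRONMENT))
```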

Different environments

They are called environment variables for a reason.  On your development machine, you may have a DB running in a VirtualBox instance.  Your test servers will probably have their own databases. And only certain people should even know the credentials for the Production server.

Using environment variables, there is no need for maintaining multiple versions of config files or worse yet, source code.  Each environment is configured independently of the application.

Quick switching

This would be more of a development or test thing.  But, if you need to run your code against multiple different databases, you would simply change the environment variable and not any config files or source code.  Remember, every time you modify the source code, no matter how small of a change, there’s a chance for a mistype to bring it all down.

Deploying to a Platform as a Service (PaaS)

Most PaaS systems will spin resources up and down as needed, including your database.  If your application is using a database provided by the PaaS, the process of spinning up the database would include creating secure credentials.  To simplify the process, the PaaS may simply set the environment variables for the credentials and your application never needs to change.

For a bit of extra security, they may automatically change the credentials whenever the system is restarted.  You would be able to log onto your server and get the current credentials if you need them, otherwise, they just work.

Leave me a comment if you have any questions or suggestions.

Problem loading Python driver

I ran into a small issue last week when I tried the following command:

This returns “Python Pip install Error: Unable to find vcvarsall.bat.”  This is not a problem with cx_Oracle; it happens with any pip install that tries to compile.

If you want to skip the rant below and just get the driver loaded, the immediate solution is to download the binary installer and move on.  That worked fast and easy.

<Rant>
Before I found the simple solution above, my search found recommendations to install the VS compiler for Python 2.7, upgrade pip, and even to load Visual Studio Express.

BTW, the VS compiler for Python 2.7 took a loooooooong time to install.  An unacceptably long time.  VS Express added a few other apps to my system that I didn’t want.  As far as I could tell in the installer, there was no option to not load them.

In the process of trying these different solutions, none of which worked, I wound up with a lot of extra software that I didn’t want.

Now I am a newb to Python, but not to Windows.  I went in and tried to remove the bloatware that came with VS Express and the other software, such as multiple versions of VS compiler.  As I expected, when I installed VS it modified some existing apps somewhere.  So when I removed VS it broke other apps that had been working fine before all of this.  Thankfully, I’ve done this enough times before, so I had a system restore point ready.

System restored, moving on.

The problem, as far as I can tell, is that the latest Python tools do not play well with the latest Microsoft tools when you are on a 64-bit OS.
</Rant>

Long term, as I move on to building real Python apps, I found a few workarounds that claim to solve this problem for Windows that I could try.  But first, I plan to switch over to my Linux install and work there.  At this point I’m willing to bet it won’t be such a mess.

Configure Host Access to an Oracle Database on a VirtualBox vm

Admittedly it’s been a while since I’ve used VirtualBox to host a database. I’ve been using a bunch of different cloud services.

I like to program on my main machine (host) and connect to the VM as if it were just a database server.  I expected to have quite a few issues given how long it’s been since I did it this way. But really the only issue I had was making the connection from the Host to the VM.

This is how I configured my VM using VirtualBox 4.3.26 for Windows hosts.

If any of the steps need a better explanation, leave me a comment and I’ll clarify.

Steps

  • Download the Database App Development VM from Oracle’s Pre-Built Developer VMs.  Others should also work if you have a favorite.
  • Import the .ova file into VirtualBox
  • Add network adapter
    • Select the imported VM
    • Click Settings (gear icon in toolbar or in the VM’s right-click menu)
  • Configure Adapter
    • Select Network
    • Click on the Adapter 2 tab
    • Check Enable Network Adapter
    • In the Attached to list, select Host-only Adapter
    • Click OK button
  • Start the VM
  • Enable network adapter inside the VM
    • Click the network icon on the right side of the toolbar
    • Turn on the new adapter. Both adapters should be on.
      Note the name of the new adapter you just turned on.
  • Open a Terminal inside the VM
    • From the information at the top of the Terminal, note the Pluggable DB and ALL PASSWORDS ARE values
    • Type ifconfig -a to get the IP address.  The adapter you just enabled (name from last step) will have the address you need; in my case it’s 192.168.52.101.
  • Test the connection on your host machine.
    I’m using Oracle SQL Developer 4.0.3 (4.0.3.16.84)

    • Create a new connection using the above values and push the test button.
      Password: oracle — ALL PASSWORDS ARE value
      Hostname: 192.168.52.101 — IP address value
      Service Name: orcl — Pluggable DB value

If all goes well you should have a good connection.

Any questions please leave a comment.

Off to a slow start

<Excuses> Due to typical work priorities and the fact that I’m still settling into a new position, I didn’t make as much progress as I had hoped last week.  I’m almost certain there was minimal procrastination. </Excuses>

I have to admit, I wish I would have started learning Python a few years back.  The language is very intuitive and the way it’s structured just seems to mesh with the way I think (so far.)

I ran through most of the learnpython.org sections.  I like the way the tutorials flow and the code runner at the bottom is a nice feature.

There were a few times when the code runner didn’t work.  I would hit the run button and not get anything back, no errors, no output at all.  If you see that problem, try doing a shift+refresh in your browser (kind of a soft cache clear) and if that doesn’t work, hard clearing your cache should.  Once I had to close and re-open my browser.

Usually when I write code and hit something I don’t know/remember, like most people, I google the answer.  So I tend to do the same thing when running tutorials rather than going back and re-reading.  I try to learn something the same way I know I’m going to use it.  I’m a firm believer in “You play like you practice.” This is also helpful in finding tools you can use later.  For example tutorialspoint.com is now in my bookmarks.

Next up is getting my build environment set up.  I’ve installed Oracle Database 11g Express Edition to get started and for most of the quick things.  When I get up to the more advanced features, I will be running Oracle Database 12c both on VirtualBox and Oracle Cloud.

I’m still trying to pick an editor/IDE.  I don’t plan to spend much time covering IDE features unless I come across something extra good or bad.  I’ll try a couple and settle down quickly.

I plan to just jump right into writing a simple application backed by a database and see how that goes.  I will try to post my code to give everyone a good laugh.

 

Collaborate 15

Last week I had the privilege to attend Collaborate 15 in Las Vegas.

The facilities at the Mandalay Bay were top notch.  The food was very good and there were plenty of quiet comfortable places where you could catch your breath, relax and catch up.

I was only able to attend for a couple days at the end, but I still learned a lot and made a few great connections. I came away with new useful information from every session I attended, even the one I jumped into late just for a place to sit down. A couple of my favorite sessions had lively discussions that were focused, on topic and helpful.

I think most people prefer substance over flash when they choose a conference, at least I know I do, but some flash is fun.  I really enjoyed the mix they put together. The floor exhibits were interesting and there were a lot of them.  The 60s party was a blast and the band was awesome. Just when I would reach the “my brain is full” point, there was something shiny to focus on while my mind absorbed the info and I could relax before loading up the next chunk of information.

Overall I thought it was a great conference and I would definitely recommend it.

Diving into Python

I’m going to start learning Python.  I’ve wanted to pick up Python for a while now and it seems like a great place to dig in.

I’m starting at the very beginning (Howdy World) with the goal of developing a few tutorials to showcase the cx_Oracle driver using some of the newest Oracle Database 12c features.

At this stage, I’m collecting a resource list for getting started tutorials and a decent IDE.   I prefer hands-on tutorials over videos, mainly because I like to copy, paste and break the example code.   But I also like videos, especially when I feel like trying to type fast and keep up with the presenter.

If you have any suggestions for tutorials or IDEs, just drop it in a comment and I’ll give them a shot.

Learn -> Code -> Share

A little about me and what I’m trying to accomplish.


I’m Blaine Carter.  I’m part of Oracle’s Developer Advocate team.  My ‘focus’ is open source. Having such a narrow focus, I’ll be jumping around a lot. Going deeper into some things I think I know and learning some new stuff.

I tend to pick up new things fairly quick.  I like to learn a bit, then code something.  Preferably something that interests me, that makes it stick in my head better.  However, the thing that really makes the learning stick is when I share what I’ve learned.  To that end, I’ll be making some tutorials, videos and posts.  I’m sure they won’t be anywhere near perfect, but it will help me learn and I hope help others avoid some of the mistakes I’m going to make.

If something I’m doing is wrong, don’t be afraid to let me know. I’ve got a pretty thick hide on me and I think we learn more from what we do wrong than from what we do right.

That’s really the point of this blog. I’d like to help encourage people to Learn -> Code -> Share -> repeat.