I am not sure if this information is truly useful. It is a temporary
fix or for local testing. The MySQL root password is in plain text on
the host server. That is not robust security even if one needs the
necessary permissions to view the file. I am sure a smart pen(tester)
person would have her way.

I don’t have enough experience to suggest a better approach. Maybe a
more robust approach would be to query the root password upon creating
a new MySQL “database” for a “site”. This also sounds a little crazy
considering possibly insecure connections to the host server. Why not
change the default frappe user, which one would create beforehand and
grant the necessary permissions, i.e. for database creation etc.? What
do you think?

I would prefer a more robust approach over my current strategy. Then
again after having created the database with ‘bench init site’, I could just
remove the plain text passwords from the config file. Should I start playing
around with the bench scripts?

Regarding the additional documentation, if you consider it responsible
to put this on the wiki, I guess I should check ‘bench’ out, add stuff,
and submit a pull request?