You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
tl;dr - there are situations where you can use short-lived token instead of long-lived password to connect to database
Problem(s):
Access token used as password can be really short-lived (5-60 minutes). When using lazy connections in some long-running jobs, token may be already expired when trying to connect if token obtained in service creation time instead in connection time.
Same as previous for reconnecting during long-running job
Access token shoud not be obtained before lazy connection is ready made
Potential solutions:
Wierd one - pass reference to password instead of password itself (for example in Azure Storage SDK) - this does not solve latest issue - token has to be released not only even connection is not made, but has to be updated every tim
Provider of connections - using some layer above current connection class and do lazines again (doable outside of Nette)
Provider of password - allow password to be not only ?string, but null|string|callable():string
I would preffer last one of course. I wanted to do it and send as PR, but I feel like to need approval that it is acceptable at all. As I looked to another frameworks, their configuration usually does not support this scenario too.
The text was updated successfully, but these errors were encountered:
Problem is only in mindset. Of course I can handle solving this by connection factory and/or decorator above current Connection class, where I would re-implement connection laziness.
I belive, this kind of stuff should be somehow supported by framework as short-lived passwords will be used more and more.
But I may be alone with this opinion. This is reason, why I asked first, before trying to create PR.
There are possibilities to connect database servers using token credentials. For example https://learn.microsoft.com/en-us/azure/mysql/flexible-server/concepts-azure-ad-authentication
tl;dr - there are situations where you can use short-lived token instead of long-lived password to connect to database
Problem(s):
Potential solutions:
?string
, butnull|string|callable():string
I would preffer last one of course. I wanted to do it and send as PR, but I feel like to need approval that it is acceptable at all. As I looked to another frameworks, their configuration usually does not support this scenario too.
The text was updated successfully, but these errors were encountered: