If the script will be distributed to several machines over the network, then all the credentials that your script will use will be available to these users, and there is no way to get around this.
You can do two things if there is personal data for each user:
- create a new user account in the database for each user of your program with restrictive permissions, allowing them to do only what you want, and nothing more
- have a proxy server that will authenticate them and connect to the database in their name (this is how most websites work).
If all the data is public and read-only, you can:
- create a user account in the database for read-only access and use its credentials in all distributed copies of your program.
- It has a proxy server that does not authenticate users, but connects to the database, and does not disclose it to the public.
Number 2 of each of these parameters is usually recommended for each database with MySQL security history, but number 1 of both of these parameters will be recommended for databases such as CouchDB.
Never distribute any credentials with your program that you do not want your users to use.
Zed
source share