[R-SIG-Finance] RFC: quantmod::getSymbols.MySQL

Mark Knecht markknecht at gmail.com
Wed Oct 29 15:36:37 CET 2014 

On Wed, Oct 29, 2014 at 6:38 AM, Zachary Deane-Mayer
<zach.mayer at gmail.com> wrote:
> Hi Mark,
>
> It'd be a little cumbersome, but couldn't you also source() an R script at
> the start of your session that loads the parameters from .my.cnf and passes
> them to options()?
>
> Alternatively, maybe getSymbols.MySQL could look for a cnf_file option, and
> then if that is not present look for a username and password?
>
> -Zach

Hi Zach & Josh,
   Yes, I'm sure there's lots of ways to do this, and as an individual
user just working by myself I'll be happy for anything that works.

   That said, the nice security feature about the way it was done
before was TTBOMK the R environment never saw the MySQL username &
password. That was previously all done completely outside of R. R Asks
MySQL to get some data from a specific database. MySQL wasn't given a
username and password so it automatically accesses .my.cnf which is
secure. If it finds an entry with the right database name, then it
gets username and password from that file, gets the data from the
database and gives it back to R. If the username/password aren't there
the user can pass them explicitly (as I'm doing with this recent
change) or else he doesn't get access to that database.

   But going beyond that model consider a C++/GTK application that
links calls to R under the hood using the Rinside package. (Something
I'm just starting to play with now.) I'm in a GTK-based GUI, using C++
code that runs R functions one of which is accessing MySQL to get
price data. The results are loaded by R, indicators are calculated and
I see them in my GTK GUI. Now, I send the compiled app to a friend.
How would MySQL work in that case? Today he just puts an entry in
.my.cnf on his machine and he's good to go. (NOTE: I'm not looking for
an answer to this specific issue. In my specific case I may access
MySQL from C and pass the data to R as it appears to be a lot faster.)

   Anyway I don't think this is really a new feature. It's the
standard MySQL security model. It used to work and was broken by the
recent change to defaults. All that said I'll of course use what ever
gets supported. I'm just pointing out the issue, not trying to create
work for anyone.

Cheers,
Mark

More information about the R-SIG-Finance mailing list