in reply to Re: Protecting your DBI user/password in scripts?
in thread Protecting your DBI user/password in scripts?

Your method is nice and would be OK in situations where only previously known users can access your application.

As a variation, in the webserver/ISP setting one could think of putting the user/encrypted_password table in a flat file readable from the application. It would avoid the problems with double permissions and under some conditions it would be faster than accessing the database.

One problem I see is that if the attacker can change your application files, they can intercept the cleartext password between steps 3 and 4.


Cheers

Antonio

Re: Re: Re: Protecting your DBI user/password in scripts?
by blokhead (Monsignor) on Sep 13, 2002 at 14:47 UTC
    Good point, abel! In this fast-paced world of enormous RDBMS systems, we forget about flat files and how elegant they can be in many situations.

    blokhead