I've dealt with this situation before and have come up with the following ideas:

  1. Lock down the database - create views that only allow access to the required data. the user should have select only on the specific areas required (and create session.. ;-) )
  2. Passwords may be stored in a 0400 file readable only be the user that executes the script _or_ embed the password in the script, either way if the user is hacked the password can be gained. I personally prefer to embed the passwd in the script as it doesnt make an extra IO. (as always there are pro's and con's)
  3. Lock down the machine, make sure the security on the server (users, host.deny|allow et al) are all up to date.
  4. Lock down the server ie, make sure no directories are visible, and make sure you've got the latest patches.
  5. Consider SSL, better send sensitive data over the wire encrypted than plain.
  6. Consider seperating you DB from you WS, on a private network, and having only essential machines access it.
  7. Consider a vpn between the DB and the WS.
Also consider obfu'ing you pwd against a casual observer, a simple xor against $0 might do the trick, not immediately obvious, just dont change the name of the script.. ;-)

HTH, and good luck!

In reply to Re: Hiding Passwords by Ryszard
in thread Hiding Passwords by Anonymous Monk

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.