Just wondering, but what keeps the guy who breaks into your system from setting up something that harvests those usernames and passwords from any method of authorization? This is why they introduced digest authorization and are further beefing up security with the Apache 2.1 authorization scheme.
As a side note, do not encrypt the username and password for a DBI connection on the server unless you REALLY REALLY want to. Think about it if you will: the server has to decrypt them somehow. The decryption key will be either stored somewhere on the machine or provided by the user. If someone takes control of the system, they can either find it wherever it is on the hard drive or harvest it the next time someone comes in. Forming the database connection is already expensive and decrypting the username and password will only make this process more expensive.
antirice
The first rule of Perl club is - use Perl
The ith rule of Perl club is - follow rule i - 1 for i > 1
In reply to Re: Authenticating to mySQL through DBI on Apache?
by antirice
in thread Authenticating to mySQL through DBI on Apache?
by Massyn
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |