comment on

That depends on your authentication mechanism and authorisation model.

If you have a small number of users it's a non-issue.
If you have a larger number of users but small number of database users (aka authorisation groups) the HTTP user should not be identical with your webapp user, instead you have one apache user for each level of authorisation you want to give. You receive the HTTP authentication header, use your own method of authenticating the user, then set the HTTP user to be your database/system user. That way, you can have a different HTTP user for, say, admin, user and guest and each of these will only have access to their own database passwords.
If you have a large number of database users you are entirely correct, my solution doesn't scale and you should do something else.

In reply to Re^3: Securing the database password for web applications by tirwhan
in thread Securing the database password for web applications by Anonymous Monk

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.