Either way you look at it, if a script has access to the database then anyone with physical access to that script will be able to access the database directly if they unravel whatever obfuscation scheme you come up with. Basically: If the script can do it, so can anyone else.
The proper solution IMHO is to create a database user with restricted access, the DBA password is for the DBA only. In real life, this may ofcourse be anything from trivial to impossible depending on exactly what the script is supposed to do and how the data is organized. The key issue here is exactly how much access do you need?
This is for the script programmer to figure out and the DBA to set up. Either start with everything and then tighten it down until things break, or (better but more painful) start with nothing and then grant every bit of access you need as you proceed.
Security through obscurity doesn't work and policy makers must be made aware.
--
Time flies when you don't know what you're doing
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.