Re^4: DBI & CGI Security

Points well taken jayroom. I agree, it's not a perfect set-up. The bottom line is that I doubt one can develop a completely ironclad system, as many discussions here at the Monastery will attest to. I think of security as a layered affair. I used to hard code my DB passwords right into the script, so, I'm doing one better here. I don't think there is any one silver bullet. The more barriers you put up, the harder you make it for the nefarious crackers to get in. Hopefully that is not too naive.

I was thinking about my e-commerce sites, and combination of the secure certificate, the remote keys, and wondering if scenerios like that are workable. It's a good discussion to keep going—I'd love to see a definitive answer so I don't feel like the little boy sticking my fingers in the latest leak in the dike.

—Brad
"A little yeast leavens the whole dough."

Comment on Re^4: DBI & CGI Security

Replies are listed 'Best First'.
Re^5: DBI & CGI Security by jayrom (Pilgrim) on Jun 03, 2004 at 19:14 UTC
I didn't mean to give you a lesson. I also used to hard-code the auth in the script and have also wondered which solution would be the best. I share your overall feeling so I am in the same boat as you and would love to hear from one of the local gurus ;-) jayrom	[reply]