Security with DB's

Spidy has asked for the wisdom of the Perl Monks concerning the following question:

In the sense of security online, is it better to go with a mySQL DB, or just creating one using dbmopen?

This is all assuming that I have no extra security features implemented, no https://, etc. Does anyone know if it would be better to use a mySQL DB or a normal one, in the sense of security and ease?

My Website

Comment on Security with DB's

Replies are listed 'Best First'.
Re: Security with DB's by sgifford (Prior) on Aug 28, 2004 at 03:32 UTC
If you configure MySQL to only listen on a Unix socket and set the permissions on that socket appropriately, and if you write your SQL code carefully, their security is about equal. As for ease of use, db/dbm files are easier for simple databases with only one key; if you want to retreive the data with different keys or in different orders, you'll find an SQL server is much easier.	[reply]
Re: Security with DB's by perrin (Chancellor) on Aug 28, 2004 at 03:32 UTC
It sounds like you don't actually understand what these databases are. They are functionally quite different. There are fewer things you can screw up security-wise with a dbm file, but that doesn't mean MySQL is insecure.	[reply]
Re^2: Security with DB's by Spidy (Chaplain) on Aug 28, 2004 at 05:58 UTC
I don't know too much about either to be sure, but I do know enough to be able to open, close, read, write, etc. I'm essentially wondering, if I was going to store usernames and passwords, for ease of use and decent security, which would I use?	[reply]
Re^3: Security with DB's by perrin (Chancellor) on Aug 28, 2004 at 18:25 UTC
If you believe you can meet your needs with a dbm file, then use that. It's much simpler than using a relational database like MySQL.	[reply]
Re^4: Security with DB's by Spidy (Chaplain) on Aug 29, 2004 at 03:39 UTC