Re^3: Best practices for database passwords

L~R,
I think I understand now, sorry for the mix up. I've hard-coded auth info before also, but that wan't very nice as you've found. I made a quick module at one time so at least my connections only went through one place for the password so I didn't have to have 10 scripts all with the info and it was only stored in one place, but you still have the password in a file, so you almost might as well not protect the Db, less relying on read priveleges.

Regards Paul

Comment on Re^3: Best practices for database passwords

Replies are listed 'Best First'.
Re^4: Best practices for database passwords by Limbic~Region (Chancellor) on Mar 22, 2005 at 23:45 UTC
thekestrel, My mother always tells me that locks are for honest people. By that she means a determined criminal won't be discouraged by a little security. With that said, there are very good reasons to not leave your doors unlocked. While there are ways to minimize threats, some risk must be assumed. When I said I didn't have a "good" answer I was indicating that I wasn't aware of a generic one-size-fits-all solution. Given a specific set of conditions certain choices make more sense then others as indicated by other responses in this thread and elsewhere. Cheers - L~R	[reply]

Replies are listed 'Best First'.

Re^4: Best practices for database passwords
by Limbic~Region (Chancellor) on Mar 22, 2005 at 23:45 UTC

thekestrel

When I said I didn't have a "good" answer I was indicating that I wasn't aware of a generic one-size-fits-all solution. Given a specific set of conditions certain choices make more sense then others as indicated by other responses in this thread and elsewhere.

Cheers - L~R

[reply]