Arjen G. Lentz [mailto:[EMAIL PROTECTED]] wrote: > >Hi Tim, > >----- Original Message ----- >From: "Tim Hewitt" <[EMAIL PROTECTED]> > >> It would be nice if mySQL supported some form of encrypted login where >> the username and password could be decrypted internally somehow. > >Security through obscurity isn't REALLY safe. It just hides it a bit. Anyone >could still get to it, with a bit of effort. [clip]
I did not mean for this to be an off-topic PHP post, what I was noodling about here was a mySQL means to provide a more secure access for scripting languages like Perl, Python and PHP - which end up with insecure username and password config files all over the Internet. I don't know what this mechanism is - I'm not even sure I can think it through at the moment - but something like checking a server variable like http_server, or maybe even http_document_root and only allowing the login if the script was being run from the appropriate location. Perhaps limiting a login for a specific username only from a specific document_root? The problem with checking for username@localhost - which is what most installations do, at least through phpMyAdmin on CPANEL hosts - is that once your username and password are available, you are vulnerable from any other shared host on the same server. Their host is also "localhost." Is there a way to see the value of localhost from within mySQL? Thanks, -Tim --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php