>I did not mean for this to be an off-topic PHP post, what I was noodling
>about here was a mySQL means to provide a more secure access for
>scripting languages like Perl, Python and PHP - which end up with
>insecure username and password config files all over the Internet.

There's a problem here: you need to have whatever information is needed to access MySQL (or any other database) in those files. If someone else on the same machine can get that information, he can also access the database. It doesn't matter if this information is encrypted for transmission - every client knows how to do that.

>I don't know what this mechanism is - I'm not even sure I can think it
>through at the moment - but something like checking a server variable
>like http_server, or maybe even http_document_root and only allowing the
>login if the script was being run from the appropriate location. Perhaps
>limiting a login for a specific username only from a specific
>document_root?

There is no known method of sucking down client-side information (like UNIX user name/id, environment variables, current directory, etc.) from the server end of an Internet-domain socket. The protocols just won't do it. The client end has to supply this information. This means that it can lie about it.

You might get a UNIX userid out of UNIX-domain sockets (and all you will get if you're running mod_php is the userid of the web server), but you won't get other information like virtual host name, document root, or other such information, and this depends on the MySQL server and the web server being on the same machine (often undesirable for security and/or performance reasons).

Having a tamper-proof client linked in with a hostile program and retaining tamper-proof-ness is very, very difficult, especially if the client is written in C. It is less hard for a scripting language like PHP (but all bets are off if the attacker is also allowed to use C - a problem with using "secure clients" is that even one insecure client can ruin all the security). Having the client be open-source makes the problem even worse: it would be rather easy to change where it gets the information it sends the server and compile a hacked client which destroys security in the shared-webserver scenario.

Besides, there are plenty of times I want to access MySQL from a machine that doesn't even HAVE a web server.

>The problem with checking for username@localhost - which is what most
>installations do, at least through phpMyAdmin on CPANEL hosts - is that
>once your username and password are available, you are vulnerable from
>any other shared host on the same server. Their host is also
>"localhost."

Your script has to have the information necessary to access the database (this is not unique to MySQL). If other virtual hosts are able to get this information, you're screwed. Adding one more piece of information that can be obtained just as easily as the other things doesn't help the situation any.

>Is there a way to see the value of localhost from within mySQL?

What good is "127.0.0.1" (or "/tmp/mysql.sock") going to do? You could get the client to tell the server the virtual host name (perhaps tack it onto the end of the user name), but that won't prevent someone else from passing bogus information.

Gordon L. Burditt
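
An added example, not part of the original message: it shows, on Linux, what the server end of a UNIX-domain socket can learn from the kernel (`SO_PEERCRED`) versus what it has to take on the client's word. The functions `handle_login`, `connect_and_claim` and `server_can_tell_apart` and the document-root paths are hypothetical, constructed for the illustration; this is not MySQL's login code.

```python
import os
import socket
import struct

# struct ucred on Linux: pid_t pid; uid_t uid; gid_t gid
UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) of the peer as recorded by the kernel."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    return UCRED.unpack(raw)


def handle_login(conn):
    """Hypothetical server side: one field is claimed, the rest comes from the kernel."""
    claimed_docroot = conn.recv(1024).decode()  # whatever the client chose to send
    pid, uid, gid = peer_credentials(conn)      # not chosen by the client
    return {"claimed_docroot": claimed_docroot, "uid": uid, "pid": pid}


def connect_and_claim(docroot):
    """Simulate one script connecting over a UNIX-domain socket and stating a docroot."""
    server_end, client_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        client_end.sendall(docroot.encode())
        return handle_login(server_end)
    finally:
        server_end.close()
        client_end.close()


def server_can_tell_apart(a, b):
    """True only if something the server can verify differs between two logins."""
    return a["uid"] != b["uid"]


if __name__ == "__main__":
    # Constructed paths: two virtual hosts served under the same web-server uid.
    site_a = connect_and_claim("/home/site-a/public_html")
    # A script on another virtual host simply states the same path.
    site_b = connect_and_claim("/home/site-a/public_html")
    print(site_a)
    print(site_b)
    print("distinguishable by the server:", server_can_tell_apart(site_a, site_b))
```

Both logins arrive with the same kernel-reported uid and the same stated document root, so the extra field gives the server nothing to check against.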