>I did not mean for this to be an off-topic PHP post, what I was noodling
>about here was a mySQL means to provide a more secure access for
>scripting languages like Perl, Python and PHP - which end up with
>insecure username and password config files all over the Internet.

There's a problem here:  you need to have whatever information
is needed to access MySQL (or any other database) in those files.
If someone else on the same machine can get that information, he
can also access the database.  It doesn't matter if this information
is encrypted for transmission - every client knows how to do that.

>I don't know what this mechanism is - I'm not even sure I can think it
>through at the moment - but something like checking a server variable
>like http_server, or maybe even http_document_root and only allowing the
>login if the script was being run from the appropriate location. Perhaps
>limiting a login for a specific username only from a specific
>document_root?

There is no known method of sucking down client-side information
(like UNIX user name/id, environment variables, current directory,
etc.) from the server end of an Internet-domain socket.  The
protocols just won't do it.  The client end has to supply this
information.  This means that it can lie about it.

You might get a UNIX userid out of UNIX-domain sockets (and all
you will get if you're running mod_php is the userid of the web
server), but you won't get other information like virtual host
name, document root, or other such information, and this depends
on the MySQL server and the web server being on the same machine
(often undesirable for security and/or performance reasons).

Having a tamper-proof client linked in with a hostile program and
retaining tamper-proof-ness is very, very difficult, especially if
the client is written in C.  It is less hard for a scripting language
like PHP (but all bets are off if the attacker is also allowed to
use C - a problem with using "secure clients" is that even one
insecure client can ruin all the security).  Having the client be
open-source makes the problem even worse: it would be rather easy
to change where it gets the information it sends the server and
compile a hacked client which destroys security in the shared-webserver
scenario.

Besides, there are plenty of times I want to access MySQL from a
machine that doesn't even HAVE a web server.

>The problem with checking for username@localhost - which is what most
>installations do, at least through phpMyAdmin on CPANEL hosts - is that
>once your username and password are available, you are vulnerable from
>any other shared host on the same server. Their host is also
>"localhost."

Your script has to have the information necessary to access the
database (this is not unique to MySQL).  If other virtual hosts
are able to get this information, you're screwed.  Adding one more
piece of information that can be obtained just as easily as the
other things doesn't help the situation any.

>Is there a way to see the value of localhost from within mySQL?

What good is "127.0.0.1" (or "/tmp/mysql.sock") going to do?
You could get the client to tell the server the virtual host
name (perhaps tack it onto the end of the user name), but
that won't prevent someone else from passing bogus information.

                                        Gordon L. Burditt
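
The distinction drawn in the reply above, as an added example that is not part of the original message: on Linux, a server on a UNIX-domain socket can ask the kernel for the peer's uid (`SO_PEERCRED`), while a document root can only arrive as bytes the client chose to send. The JSON hello format, the function names and the sample paths are assumptions made for this sketch; this is not MySQL's wire protocol.

```python
import json
import socket
import struct

UCRED_FMT = "3i"  # Linux struct ucred: pid, uid, gid


def kernel_peer_uid(conn):
    """Return the uid the kernel recorded for the peer of a UNIX-domain socket."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(UCRED_FMT))
    _pid, uid, _gid = struct.unpack(UCRED_FMT, raw)
    return uid


def client_hello(conn, user, document_root):
    """Client side: everything in this message is chosen by the client."""
    hello = {"user": user, "document_root": document_root}
    conn.sendall(json.dumps(hello).encode())


def handle_login(conn):
    """Server side: keep kernel-verified facts apart from client claims."""
    claimed = json.loads(conn.recv(4096).decode())
    return {"verified_uid": kernel_peer_uid(conn), "claimed": claimed}


def demo():
    """One process logs in twice, claiming two different (constructed) sites."""
    results = []
    for docroot in ("/home/siteA/public_html", "/home/siteB/public_html"):
        server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
        with server, client:
            client_hello(client, "siteA_db", docroot)
            results.append(handle_login(server))
    return results


if __name__ == "__main__":
    for login in demo():
        # The uid is identical in both logins; only the claim differs,
        # and the server has nothing to check the claim against.
        print(login["verified_uid"], login["claimed"]["document_root"])
```

Under mod_php the verified uid would be that of the web server for every virtual host, so it does not separate one site's scripts from another's.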
