RE: OT: Securing username and password in script file

2001-11-14 Thread Tim Hewitt
Gordon Burditt [mailto:[EMAIL PROTECTED]] wrote: > > There's a problem here: you need to have whatever > information is needed to access MySQL (or any other database) > in those files. If someone else on the same machine can get > that information, he can also access the database. It > does

Re: OT: Securing username and password in script file

2001-11-13 Thread Gordon Burditt
>I did not mean for this to be an off-topic PHP post, what I was noodling >about here was a mySQL means to provide a more secure access for >scripting languages like Perl, Python and PHP - which end up with >insecure username and password config files all over the Internet. There's a problem here

Re: OT: Securing username and password in script file

2001-11-12 Thread Ngo Hong Son
Tim Hewitt wrote: > Arjen G. Lentz [mailto:[EMAIL PROTECTED]] wrote: > > > >Hi Tim, > > > >- Original Message - > >From: "Tim Hewitt" <[EMAIL PROTECTED]> > > > >> It would be nice if mySQL supported some form of encrypted login > where > >> the username and password could be decrypted int

RE: OT: Securing username and password in script file

2001-11-12 Thread Tim Hewitt
Arjen G. Lentz [mailto:[EMAIL PROTECTED]] wrote: > >Hi Tim, > >- Original Message - >From: "Tim Hewitt" <[EMAIL PROTECTED]> > >> It would be nice if mySQL supported some form of encrypted login where >> the username and password could be decrypted internally somehow. > >Security through o

Re: OT: Securing username and password in script file

2001-11-12 Thread Arjen G. Lentz
Hi Tim, - Original Message - From: "Tim Hewitt" <[EMAIL PROTECTED]> > It would be nice if mySQL supported some form of encrypted > login where the username and password could be decrypted > internally somehow. Security through obscurity isn't REALLY safe. It just hides it a bit. Anyone

RE: OT: Securing username and password in script file

2001-11-12 Thread Tim Hewitt
Peter Lovatt [mailto:[EMAIL PROTECTED]] wrote: > >This is not really a problem for me now, because I have my own server, >and control who has access. This is a problem on virtual hosting, >because anybody could be on there. You are exactly correct. This problem is huge on virtual hosting accoun

RE: OT: Securing username and password in script file

2001-11-11 Thread Peter Lovatt
anx for that) Peter > -Original Message- > From: Carl Troein [mailto:[EMAIL PROTECTED]] > Sent: 11 November 2001 14:25 > To: [EMAIL PROTECTED] > Subject: Re: OT: Securing username and password in script file > > > > Peter Lovatt writes: > > > I don't

Re: OT: Securing username and password in script file

2001-11-11 Thread Carl Troein
Peter Lovatt writes: > I don't think there is a secure way of running php on a shared server. If by 'shared' you mean that you have users, then there is a very good way of doing it. Assuming that you use apache, have a look at the suexec wrapper. > I looked at ways of securing it but, fundame