In a typical production setting you would have a web server exposed to
the internet and a secure local network. The connection with the
database should go only over the local network. ssh will protect you
from employees snooping around (and stealing the database password) but
will make the database connection more of a bottleneck. Neither ssh nor a
password will protect you in case somebody hacks into the web server
and acquires the credentials of the web server. If your web app can
access the DB, the attacker can too. To some extent one can also
configure the db engine to accept only connections from certain IPs
and limit the roles of the user associated with the web app.

This is why it is very important to try to prevent vulnerabilities in web
apps.

Massimo

On Oct 15, 5:50 pm, achipa <[EMAIL PROTECTED]> wrote:
> Depends on why he needs to hide the connection parameters in the first
> place...
>
> Yarko: you can always do mysql over ssh. Not for the faint of heart,
> but it IS passwordless and secure.
>
> On Oct 15, 9:44 pm, yarko <[EMAIL PROTECTED]> wrote:
>
> > I think the issue is:  if the db server is on the same box, and the
> > box is secure, then that's a limited issue;
> > If the db server is across a network, then nothing web2py (or
> > anything else connecting) can help, without the support of the db -
> > this practically means you find an alternate way of authenticating on
> > the db.
>
> > On Oct 15, 2:05 pm, mdipierro <[EMAIL PROTECTED]> wrote:
>
> > > Not that I know of.
>
> > > On Oct 15, 11:42 am, Pai <[EMAIL PROTECTED]> wrote:
>
> > > > Is there a way to hide password in the connection-string?
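
The host restriction and limited role mentioned at the top of this thread, sketched for MySQL as an added example (not code from any poster). The database name `appdb`, the account `webapp`, the address `10.0.0.5` and the password are constructed placeholders, and it assumes the tables already exist so the application account needs no schema privileges.

```sql
-- Constructed names: database appdb, account webapp, web server at 10.0.0.5.

-- The account is only valid for connections arriving from the web
-- server's address on the local network.
CREATE USER 'webapp'@'10.0.0.5' IDENTIFIED BY 'replace-with-generated-secret';

-- Grant only the data operations the application performs: no schema
-- changes, no FILE, no GRANT OPTION, nothing outside appdb.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'webapp'@'10.0.0.5';

-- Check: list exactly what a stolen web-app credential would allow.
SHOW GRANTS FOR 'webapp'@'10.0.0.5';

-- Check: accounts that accept connections from any host.
SELECT user, host FROM mysql.user WHERE host = '%';

-- Check: accounts holding server-wide privileges a web app should not have.
SELECT user, host FROM mysql.user
WHERE Super_priv = 'Y' OR File_priv = 'Y' OR Grant_priv = 'Y';
```

If the web server is compromised, the attacker inherits this account, so the grants above are the upper bound on what can be read or changed in the database.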
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"web2py Web Framework" group.