Date: Tue, 13 Jun 2000 16:55:59 -0600 (CST) From: Ryan Thompson <ryan@sasknow.com> To: freebsd-database@freebsd.org Subject: Securing Perl::DBI connections Message-ID: <Pine.BSF.4.21.0006131647250.17318-100000@ren.sasknow.com>
next in thread | raw e-mail | index | archive | help
Hi all, I have several mySQL users @localhost who have various privileges on various databases. While no outside hosts are allowed to connect to mySQL (and I have even blocked the ports on our uplink firewall), there is a small chance that a user with local telnet access could discover passwords for a few of the databases that our backend Perl applications use. There is no really sensitive information up for grabs, but I *do* want to keep things secure, if for no other reason than to ensure the integrity of the databases. The problem lies in the storage of passwords. Automated programs need to store the password. And, when we're talking about a world-readable clear-text Perl program, we're talking about clear-text passwords. Now, I could beef up permissions somewhat, but since most of these programs run under Apache, they must be executable by "nobody". FWIW, I don't store passwords in the programs themselves, just the support modules which exist elsewhere on the system (completely off of our web tree). Any ideas on how I could ensure that only a few of my programs can have access to a mySQL database, without putting the password clear-text for anyone with a shell account to see? - Ryan -- Ryan Thompson <ryan@sasknow.com> Systems Administrator, Accounts Phone: +1 (306) 664-1161 SaskNow Technologies http://www.sasknow.com #106-380 3120 8th St E Saskatoon, SK S7H 0W2 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-database" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0006131647250.17318-100000>