in reply to Re: Re: Secure ways to use DBI?
in thread Secure ways to use DBI?
The question you need to ask yourself is this: "If some wiley hax0r where to gain control of the web server, how difficult would it be for them to get my database password?"
If they see before them a script that uses ssh, can they then use that script to get the password? If so, you haven't gained yourself much.
Now if this is all done from a middle tier that the wiley hax0r can't get to, that's another matter.
Whether what you describe is a "middle-tier process" I don't know. Perhaps.
Update: What this scheme seems to protect against is losing the password to a sniffer. That works only if you're then using some secure, database-dependent login mechanism, or are using ssh-tunneling to talk to the database.