Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid

Re: Secure ways to use DBI?

by aquarium (Curate)
on Apr 17, 2003 at 12:26 UTC ( #251171=note: print w/replies, xml ) Need Help??

in reply to Secure ways to use DBI?

it's a matter of how much time and money you want to spend. if you want to stay on the cheap side, consider kerberos, LDAP, SSL, default config files, etc. if you want top notch security you can setup one time passwords that are retrieved at web system start (activated by a keycard or retina scan) behind a DMZ. Seriously though, a database & web server running with least privileges (non-privileged users) and default database config files (.mycnf for mysql) will provide you with "good enough" security. If it's for a commercial venture, definitely stick the db box behind a DMZ and backup your database often. Chris

Replies are listed 'Best First'.
Re: Re: Secure ways to use DBI?
by ScooterQ (Pilgrim) on Apr 17, 2003 at 15:13 UTC
    (wow - I really like that kerberos key thing!)
    Another thing to consider is setting reasonable permissions on the user the CGI uses for database connections. If you only need to perform selects, don't give that user the ability to create and drop databases, among other things. This won't necessarily protect you from compromising your password, but it will help mitigate the damamge that can be done if someone gets in.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://251171]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (3)
As of 2021-01-16 05:28 GMT
Find Nodes?
    Voting Booth?