http://qs321.pair.com?node_id=251335


in reply to Secure ways to use DBI?

There have already been some great responses to this question, but taking it from a different angle, one thing I try to do is match the database user to the trust given to the outside web user. 95% of the people that access a database in my apps are doing lookups, so I create a database user that can only do lookups. That way, if the password is given to the whole world, they really can't do more than they can from the website.

If I need access to things like deletes etc., I will require a user ID and password to be input from the site (https page); then the password does not need to be stored in the script.
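
A sketch of the two-account approach described in this reply, added here as an illustration and not part of the original post. The DSN, the `items` table, the `web_lookup` account, the form field names and the `HTTPS=on` check (as set by Apache mod_ssl) are all assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use DBI;

# Assumed names: database "appdb", table "items", account "web_lookup".
# The lookup account is granted read access only, e.g. (MySQL-style syntax):
#   GRANT SELECT ON appdb.* TO 'web_lookup'@'localhost';
my $DSN         = 'dbi:mysql:database=appdb;host=localhost';
my $LOOKUP_PASS = 'placeholder-lookup-password';    # placeholder value
my %OPTS        = (RaiseError => 1, PrintError => 0, AutoCommit => 1);

# Common case: lookups only. If this password leaks, the holder can do
# no more than the public site already allows.
sub lookup_dbh {
    return DBI->connect($DSN, 'web_lookup', $LOOKUP_PASS, {%OPTS});
}

# Deletes: credentials come from the submitted form, are used for this one
# connection, and are never stored in the script.
sub privileged_dbh {
    my ($q) = @_;
    die "privileged actions require HTTPS\n"
        unless ($ENV{HTTPS} // '') eq 'on';
    my $user = scalar $q->param('db_user');
    my $pass = scalar $q->param('db_pass');
    die "missing credentials\n" unless defined $user && defined $pass;
    # RaiseError makes a failed login die here; the database decides
    # whether this user may connect and what it may delete.
    return DBI->connect($DSN, $user, $pass, {%OPTS});
}

my $q = CGI->new;
print $q->header('text/plain');

if ((scalar $q->param('action') // '') eq 'delete') {
    my $dbh  = privileged_dbh($q);
    my $rows = $dbh->do('DELETE FROM items WHERE id = ?',
                        undef, scalar $q->param('id'));
    print "deleted ", $rows + 0, " row(s)\n";    # do() returns "0E0" for none
    $dbh->disconnect;
} else {
    my $dbh   = lookup_dbh();
    my $names = $dbh->selectcol_arrayref(
        'SELECT name FROM items WHERE name LIKE ?',
        undef, (scalar $q->param('q') // '') . '%');
    print "$_\n" for @$names;
    $dbh->disconnect;
}
```

A DELETE sent over the `web_lookup` handle is rejected by the database itself, so the restriction holds even if the script's own checks are bypassed.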