Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW

Re: Mysql-CGI Security Question

by Rhandom (Curate)
on Aug 04, 2011 at 13:49 UTC ( #918531=note: print w/replies, xml ) Need Help??

in reply to Mysql-CGI Security Question

This is a fairly common question, and an excellent one.

The short answer is, there is not a good solution to this problem. Your script has to run as the user, therefore the user has to be able to see the password. Try to make sure the file containing the password is as restrictive in read permissions as possible.

There is only one other semi-viable option. Use a custom DBD::Proxy based service which uses the password (which is different from the databases password) AND checksums the passed in sql based on IP address, or optionally uses named sql queries. However, this option only restricts what they can run to the dictionary of available queries. It doesn't stop somebody else from running those same queries.

my @a=qw(random brilliant braindead); print $a[rand(@a)];

Replies are listed 'Best First'.
Re^2: Mysql-CGI Security Question
by serotta1958 (Novice) on Aug 04, 2011 at 18:13 UTC

    you said "Try to make sure the file containing the password is as restrictive in read permissions as possible." does that mean the user logs in to each page over and over using that stored password? is that how you make sure the person doesnt by pass the login page and go directly to down stream scripts?

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://918531]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (4)
As of 2020-11-26 15:51 GMT
Find Nodes?
    Voting Booth?

    No recent polls found