Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

comment on
( [id://3333]=superdoc: print w/replies, xml ) Need Help??
It seems you want to protect three different things: the password stored in your scripts, the password sent over the network while authenticating to mysqld (either on localhost or remotely), and the records themselves. I'll treat each separately.

1) You can secure the passwords stored on disk from everybody but root by putting the login information only in .my.cnf as mentioned in the doc referenced by btrott, and then having all your scripts use that. The line I have in all my scripts is 

$dbh = DBI->connect("dbi:mysql:;mysql_read_default_file=/home/username
+/.my.cnf",
                    "", "", {RaiseError => 1 , PrintError => 1});

[download]
Of course, make sure .my.cnf has file permissions 0600, or you defeat the whole purpose ;-).

2) MySQL doesn't advertise itself as secure or terribly reliable (as RDBMS's go), but you may be able achieve some security through obscurity from casual packet snoopers, if there is such a thing. According to the O'Reilly DBI book, later versions of MySQL allow you to compress connections. I don't know whether this concerns the only record transmission or the login procedure as well, so I strongly suggest you research it before using it (I couldn't find anything in the mysql doc TOC). In any case, you can use the feature from DBI by passing the attribute "mysql_compression=1" in the connect statement.

3) Apart from the compression, there's not anything you can do with MySQL encryption-wise, AFAIK. Like the other posters mentioned, you really need to look into a more highly powered DB if this concerns you.

In reply to Re: Security using MySQL & CGI by athomason
in thread How can I secure MySQL & CGI? by Kozz

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":


  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others meditating upon the Monastery: (4)
As of 2024-04-25 05:15 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found