PerlMonks  
Even using GRANT to set up a userid with limited privileges, you are still vulnerable to people setting values manually rather than those your script derives.

I was going to suggest having a server application running on your Debian box that receives the values from the script on the client and have it make the updates to the database, but the unscrupulous people you fear could still send bad data.

The only reasonably secure way I can think of is to have the client script only send the inputs gathered at the client and then have the server do whatever process your client script currently does to derive the values for update and then make them.

This way, all the important information, userid/password, database, tables, and field names are all kept private in a script that the user should never be able to see.

Personally, rather than writing a full client-server, two-way traffic application which can be hard--especially the culling of CLOSE-WAIT bound child processes at the server end--I'd have two userids.

One with read-only privileges would be used by your client application--with userid/password embedded as now--to request data as needed and let the DBM take care of the multi-user aspects of things.

The second would have the write privileges and be used by a server app that listens on a single port and only allows a single connection at a time. It would sit blocking until it received a packet of input, do whatever manipulation and validation that part of your current client uses and then perform the update, and go back to waiting.

Where your existing client code currently connects to MySQL, it would connect to the server port, fire the data in a UDP packet and close the port. If it couldn't connect because the server was busy, just sleep rand*5; and try again.

You should still do the validation of the data at the client end so that it doesn't need to get confirmation from the server, but you should send the raw input to the server and have it revalidate to make it harder for people to send spurious values into the DBM.

It's not a bulletproof solution, but I think will prevent anything other than the most determined attempts to supply fraudulent data and it should be relatively simple to implement as it would just reuse most of the code you already have.

Sending a UDP packet with LWP is very easy, and writing a wait-read-validate-update-loop server is not much harder.


Cor! Like yer ring! ... HALO dammit! ... 'Ave it yer way! Hal-lo, Mister la-de-da. ... Like yer ring!

In reply to Re: Hiding DBI MySQL username and password values from win98 users by BrowserUk
in thread Hiding DBI MySQL username and password values from win98 users by scratch
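The server half of that design, written here as an added example rather than code from the thread: a single UDP port, a wait-read-validate-update loop, and the write-capable credentials living only in this script. The database, table, column and account names, the port number and the `user=...;qty=...;price=...` packet format are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
use DBI;

# Assumptions (placeholders, not from the thread): database "shop", table
# "orders" with columns user/total, and a MySQL account "writer" that has
# been GRANTed only the UPDATE it needs.
my $dbh = DBI->connect('DBI:mysql:database=shop;host=localhost',
                       'writer', 'WRITER_PASSWORD_PLACEHOLDER',
                       { RaiseError => 1, AutoCommit => 1 });
my $upd = $dbh->prepare('UPDATE orders SET total = ? WHERE user = ?');

# One UDP port; datagrams carry no connection, so there are no child
# processes to reap and the loop handles one packet at a time.
my $sock = IO::Socket::INET->new(LocalPort => 9999, Proto => 'udp')
    or die "cannot bind UDP port 9999: $@";

# Parse "user=NAME;qty=N;price=N" and derive the value to store on the
# server, exactly as the client would. Returns (user, total) on success
# or an empty list if any field is missing or fails its whitelist check.
sub validate {
    my ($raw) = @_;
    $raw =~ s/\s+\z//;                     # drop a trailing newline
    my %f;
    for my $pair (split /;/, $raw) {
        my ($k, $v) = split /=/, $pair, 2;
        $f{$k} = $v if defined $k && defined $v;
    }
    return unless defined $f{user}  && $f{user}  =~ /^\w{1,32}\z/;
    return unless defined $f{qty}   && $f{qty}   =~ /^\d{1,6}\z/;
    return unless defined $f{price} && $f{price} =~ /^\d{1,6}(?:\.\d{1,2})?\z/;
    # The client never sends a total; it is recomputed here from raw inputs.
    return ($f{user}, $f{qty} * $f{price});
}

# wait -> read -> validate -> update -> wait
while (1) {
    my $raw = '';
    defined $sock->recv($raw, 512) or next;  # blocks until a datagram arrives
    my ($user, $total) = validate($raw);
    unless (defined $user) {
        warn "rejected malformed datagram: $raw\n";
        next;
    }
    $upd->execute($total, $user);            # bound placeholders, never interpolated
}
```

Anything that can reach the port can send a datagram, so the server treats every field as untrusted and derives the stored value itself; pairing this with a GRANT that limits the writer account to that one UPDATE keeps a bad packet from doing more than a bad row.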
