http://qs321.pair.com?node_id=918531


in reply to Mysql-CGI Security Question

This is a fairly common question, and an excellent one.

The short answer is, there is not a good solution to this problem. Your script has to run as the user, therefore the user has to be able to see the password. Try to make sure the file containing the password is as restrictive in read permissions as possible.

There is only one other semi-viable option. Use a custom DBD::Proxy based service which uses the password (which is different from the databases password) AND checksums the passed in sql based on IP address, or optionally uses named sql queries. However, this option only restricts what they can run to the dictionary of available queries. It doesn't stop somebody else from running those same queries.

my @a=qw(random brilliant braindead); print $a[rand(@a)];

Replies are listed 'Best First'.
Re^2: Mysql-CGI Security Question
by serotta1958 (Novice) on Aug 04, 2011 at 18:13 UTC

    you said "Try to make sure the file containing the password is as restrictive in read permissions as possible." does that mean the user logs in to each page over and over using that stored password? is that how you make sure the person doesnt by pass the login page and go directly to down stream scripts?