Date:      Sat, 17 Jun 2000 14:04:33 -0700 (PDT)
From:      The Clark Family <res03db2@gte.net>
To:        Ryan Thompson <ryan@sasknow.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Securing Perl::DBI connections
Message-ID:  <Pine.BSF.4.21.0006171359190.37973-100000@orthanc.dsl.gtei.net>
In-Reply-To: <Pine.BSF.4.21.0006171230140.69823-100000@ren.sasknow.com>

FWIW.

Apache can run as a different user than nobody. I usually create a user
and group called apache for just that purpose.

Accessing databases through DBI doesn't preclude using passwords and logins
on the databases.(?)

Your Perl code can also encrypt passwords before storing them.

[RC]

On Sat, 17 Jun 2000, Ryan Thompson wrote:

> 
> Hi all,
> 
> I have several mySQL users @localhost who have various privileges on
> various databases.  While no outside hosts are allowed to connect to mySQL
> (and I have even blocked the ports on our uplink firewall), there is a
> small chance that a user with local telnet access could discover passwords
> for a few of the databases that our backend Perl applications use.  There
> is no really sensitive information up for grabs, but I *do* want to keep
> things secure, if for no other reason than to ensure the integrity of the
> databases.
> 
> The problem lies in the storage of passwords.  Automated programs need to
> store the password.  And, when we're talking about a world-readable
> clear-text Perl program, we're talking about clear-text passwords.  Now, I
> could beef up permissions somewhat, but since most of these programs run
> under Apache, they must be executable by "nobody".  FWIW, I don't store
> passwords in the programs themselves, just the support modules which exist
> elsewhere on the system (completely off of our web tree).
> 
> Any ideas on how I could ensure that only a few of my programs can have
> access to a mySQL database, without putting the password clear-text for
> anyone with a shell account to see?
> 
> - Ryan
> 
> -- 
>   Ryan Thompson <ryan@sasknow.com>
>   Systems Administrator, Accounts
>   Phone: +1 (306) 664-1161
> 
>   SaskNow Technologies     http://www.sasknow.com
>   #106-380 3120 8th St E   Saskatoon, SK  S7H 0W2
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 
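
An added example, not part of either poster's message: with Apache running as a dedicated user, as the reply suggests, a support module can keep the database login in a file that other shell accounts cannot read, and refuse to use it if the permissions have drifted. The helper name `load_db_credentials`, the key=value file layout and the sample values are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Hypothetical helper: read user/password from a key=value file, but only
# if the file grants no access to "other" and is owned by the expected uid.
sub load_db_credentials {
    my ($path, $owner_uid) = @_;
    open(my $fh, '<', $path) or die "cannot open $path: $!\n";
    # stat the open handle, so the file checked is the file that is read
    my @st = stat($fh) or die "cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];
    die sprintf("%s: mode %04o gives access to other users\n", $path, $mode & 07777)
        if $mode & 0007;
    die "$path: owned by uid $uid, expected $owner_uid\n"
        if $uid != $owner_uid;
    my %cred;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#|$)/;            # skip comments and blank lines
        my ($k, $v) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/
            or die "$path: bad line $.\n";
        $cred{$k} = $v;
    }
    close($fh);
    defined $cred{$_} or die "$path: missing '$_'\n" for qw(user password);
    return \%cred;
}

# Constructed demo: a temporary file stands in for the real credentials file,
# and the current effective uid ($>) stands in for the dedicated Apache user.
my ($tmp, $file) = tempfile(UNLINK => 1);
print {$tmp} "# constructed sample values\nuser = webapp\npassword = example-only\n";
close($tmp);

chmod 0640, $file or die "chmod: $!\n";
my $cred = load_db_credentials($file, $>);
print "0640: loaded credentials for user '$cred->{user}'\n";
# In the real program the values would be passed on to
# DBI->connect($dsn, $cred->{user}, $cred->{password}).

chmod 0644, $file or die "chmod: $!\n";
eval { load_db_credentials($file, $>); 1 } or print "0644: refused: $@";
```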


