Excellent suggestion. Looks really promising. Thanks,
Dave On Jul 16, 2010, at 6:53 AM, Moshe Weitzman wrote: >> Adding connection strings to globals avoids the question of, "where are they >> stored and where do they come from?" If the user is "configuring a >> database connection" for ad hoc queries, do you think the security team >> would consider it a vulnerability to be storing these connection strings >> with variable_set, or some other created table? I haven't really heard a >> "that's crazy,man" response yet... so maybe this is not a concern. After >> all, we do store password hashes in the DB right? Oath tokens, etc. ? > > You want reversible encryption here. Seems like there is a handy API > module for it: http://drupal.org/project/encrypt
