Tim Hewitt wrote: > Arjen G. Lentz [mailto:[EMAIL PROTECTED]] wrote: > > > >Hi Tim, > > > >----- Original Message ----- > >From: "Tim Hewitt" <[EMAIL PROTECTED]> > > > >> It would be nice if mySQL supported some form of encrypted login > where > >> the username and password could be decrypted internally somehow. > > > >Security through obscurity isn't REALLY safe. It just hides it a bit. > Anyone > >could still get to it, with a bit of effort. > [clip] > > I did not mean for this to be an off-topic PHP post, what I was noodling > about here was a mySQL means to provide a more secure access for > scripting languages like Perl, Python and PHP - which end up with > insecure username and password config files all over the Internet. > > I don't know what this mechanism is - I'm not even sure I can think it > through at the moment - but something like checking a server variable > like http_server, or maybe even http_document_root and only allowing the > login if the script was being run from the appropriate location. Perhaps > limiting a login for a specific username only from a specific > document_root? > > The problem with checking for username@localhost - which is what most > installations do, at least through phpMyAdmin on CPANEL hosts - is that > once your username and password are available, you are vulnerable from > any other shared host on the same server. Their host is also > "localhost." > > Is there a way to see the value of localhost from within mySQL? > > Thanks, > > -Tim > > --------------------------------------------------------------------- > Before posting, please check: > http://www.mysql.com/manual.php (the manual) > http://lists.mysql.com/ (the list archive) > > To request this thread, e-mail <[EMAIL PROTECTED]> > To unsubscribe, e-mail <[EMAIL PROTECTED]> > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
--------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
