That said, if it makes you feel more comfortable, you could create a user id that has permission only to read the user table -- no other tables, no other access. If the passwords on the user table are encrypted, then even if he could somehow access your database without going through one of your existing programs, all he could find out would be user names and not passwords. I suppose you could encrypt user names on that table too, and then you'd have exactly what you're looking for.
In any case, even if a hacker could somehow see your PHP files and get a password, then unless you have the mySQL port open to the world, there's no way for him to do his own query unless he can also somehow drop PHP or whatever files on your system and run them. Unless you have your mySQL port open to the world, which would be a way bigger security risk than anything you've discussed so far. If you don't have a firewall that keeps the world out of your PHP port, you should at least have your ids set up to only allow local access.
2003. 8. 14. ... 12:50.Nils Valentin ........:while the general idea sounds not to bad, I guess the "bad guess" would
I meant the "bad guys" - what a silly typo ;-)
just use a undecrypt function wich they either develop themself or get from somewhere.
2003. 8. 14. ... 03:07.Lefevre, Steven ........:
> Hey folks -
>
> While contemplating the design of a secure web database, an idea struck
> me. I'm thinking of submitting it as a feature request, so please
> critique it.
>
> I'm having php handle user logon with it's .htaccess emulation. I'm
> storing usernames and password hashes in a table. The problem is that php
> needs to open MySQL with *some user* with *some permission*, just to read
> the user table and check the password. So, It seems that I have to store
> the password plaintext somewhere in some php file.
>
> (I asked the list about this earlier and several others had great
> suggestions on how to hide this plain-text password -- Thanks Rob! --
> but, can we make it better?)
>
> So if some wily hacker were to get the contents of this php file, s/he
> would get a username and password for the database. Now of course, I'm
> only going to give this user permission to read the user database, and
> all the passwords are hashed... but :
>
> I propose a new permission that I will call MD5read. It's like select,
> only it just returns hashes.
>
>
> So, say you do something like:
>
> SELECT password FROM user;
>
> 49726b60ccbf03d6c619632e1d5555b6
> f8ec2c9d79b5f969a96be968e7152bbd
>
>
> SELECT username, password FROM user;
>
> 24424b444b80831b677594a238f81dd9 | 4549625d8275b97b9b4f9662f1c550fa
> 1e5143d05b327f7d3cce15f9e3e44ad2 | fe3b4b388a69ceed38d6a0066e6a221b
>
>
> SELECT username+password+somethingelse FROM user;
>
> 49726b60ccbf03d6c619632e1d5555b6
> f8ec2c9d79b5f969a96be968e7152bbd
>
>
>
> So that way, if someone gets the username/password for this user, they
> can't get any data off of the database.
>
> One thing you have to watch is that you don't use the md5 function for a
> user that has only md5read permission, because that would double-hash it,
> and whatever you're checking would fail.
>
> I know you can do
> SELECT md5(username), md5(password) FROM user
> (or whatever the syntax is), but the user doing that has to have read
> permission already. So if a hacker gets that username and password, they
> are probably not going to hash data they are trying to get out of the
> database.
>
> I would feel safe storing a user's name and password in a plain text php
> script if they had only this permission.
>
> Is this useful? Are there any flaws in my reasoning?
--
---
Valentin Nils
Internet Technology
E-Mail: [EMAIL PROTECTED] URL: http://www.knowd.co.jp Personal URL: http://www.knowd.co.jp/staff/nils
--
---
Valentin Nils
Internet Technology
E-Mail: [EMAIL PROTECTED]
URL: http://www.knowd.co.jp
Personal URL: http://www.knowd.co.jp/staff/nils
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
-- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
