Addressed to: "s.budd" <[EMAIL PROTECTED]>
[EMAIL PROTECTED]
** Reply to note from "s.budd" <[EMAIL PROTECTED]> Wed, 21 Feb 2001 10:03:33 -0000
>
>
> But if the database is on another machine then the password is sent as plain
> text over the internet, no?
No. MySQL encrypts the password when it sends it from the client to the
server.
Also, in most cases where the db and the web server are separate
machines they are on the same subnet, in the same building, and the
packets never make it past the first switch or router they encounter.
If you want serious security, put a second set of network cards in the
web servers and create a special network that only connects them to the
database server, and disconnect the db server from the Internet. Make
sure IP forwarding is OFF in the web servers and you have one more
thing a hacker has to get thru to see what is in the database.
Rick Widmer
Internet Marketing Specialists
http://www.developersdesk.com
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
