On Wed, 21 Nov 2001, Brandon Kohn wrote:
> As far as I know the only way to open a database session is to send username > and password data in plain text. I would like not to send plain text > passwords over the internet when trying to access the database. Aaah! > What I'm wondering is if there is a built-in method for decrypting a > password using a key and a standard encryption algorithm. AFAIK there isn't and IMHO there shouldn't be, an ssh tunnel is all you need. Use an ssh tunnel and everything get's encrypted (and compressed too, as a bonus) using only standard tools that are available everywhere and are used and maintained by a large number of people... The clear-text password is a bit ugly when you think about it, but when you think about it there is no reason to encrypt it, when the data isn't encrypted and if you encrypt the data as well then you might as well use an ssh tunnel. You should never allow access to the database by clients that are not under your control, as you can do a lot of damage to the DBMS via SQL, not to mention what expolits might be possible due to bugs in such a complex piece of software. -- Regards Flemming Frandsen aka. Dion/Swamp http://dion.swamp.dk
