Re: [PHP] Secure Password (MySQL) Storage
On Thursday 25 November 2004 17:43, Olaf van der Spek wrote:
> I'm more worried about the data (in MySQL), not the code. By protecting the MySQL password from being read by scripts directly and only allowing access based on the current vhost, only this vhost can access its own database and not somebody else.

Set default MySQL user and password in your virtual host container. Then connect to MySQL without specifying user and password.

--
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
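The virtual-host approach suggested above, sketched as an added example that is not part of the original thread. It assumes Apache with mod_php and the old mysql extension; the host names, paths, account names and passwords are placeholders.

```apache
# Added illustration, not from the thread. Assumes Apache + mod_php and ext/mysql
# (the mysqli equivalents are mysqli.default_host, mysqli.default_user, mysqli.default_pw).
# Keep this file owned by root with mode 0600: Apache reads it as root at startup,
# so the worker user and the PHP scripts it runs need no read access to it.

<VirtualHost *:80>
    ServerName site-a.example
    DocumentRoot /var/www/site-a

    # Defaults picked up by mysql_connect() when it is called with no arguments.
    php_admin_value mysql.default_host     "localhost"
    php_admin_value mysql.default_user     "site_a"
    php_admin_value mysql.default_password "PLACEHOLDER-A"

    # Optional: ignore credentials passed by a script and always use the defaults above.
    php_admin_flag  sql.safe_mode on

    # Keep this vhost's scripts inside their own tree.
    php_admin_value open_basedir "/var/www/site-a"
</VirtualHost>

<VirtualHost *:80>
    ServerName site-b.example
    DocumentRoot /var/www/site-b

    # A different MySQL account, granted only on site B's database.
    php_admin_value mysql.default_host     "localhost"
    php_admin_value mysql.default_user     "site_b"
    php_admin_value mysql.default_password "PLACEHOLDER-B"
    php_admin_flag  sql.safe_mode on
    php_admin_value open_basedir "/var/www/site-b"
</VirtualHost>
```

A script inside a vhost can still read its own value with `ini_get('mysql.default_password')`, so this separates vhosts from each other rather than hiding the password from the vhost's own code. Because `php_admin_value` settings cannot be overridden from `.htaccess` or `ini_set()`, each site stays bound to the account configured here.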
Re: [PHP] Secure Password (MySQL) Storage
Raditha Dissanayake wrote:
> Olaf van der Spek wrote:
>> Hi,
>>
>> Is there a way to store MySQL (or other sensitive data) that will be

It should read MySQL passwords.

>> passed to a library in such a way that scripts themselves can't access this? A per-vhost store would be ideal.
>> If not, would this be a good idea to implement?
>
> Your question is not very clear but if you want to protect your data from prying eyes surely the best way would be to encrypt it? As for security on shared hosting environments, we have discussed that topic in the past a few times and the voices of authority strongly believe that it's not possible to completely prevent other users from taking a peek at your code. But then again you could use the Turck or Zend encoder on it.

I'm more worried about the data (in MySQL), not the code. By protecting the MySQL password from being read by scripts directly and only allowing access based on the current vhost, only this vhost can access its own database and not somebody else.
Re: [PHP] Secure Password (MySQL) Storage
Jason Wong wrote:
> On Thursday 25 November 2004 17:43, Olaf van der Spek wrote:
>> I'm more worried about the data (in MySQL), not the code. By protecting the MySQL password from being read by scripts directly and only allowing access based on the current vhost, only this vhost can access its own database and not somebody else.
>
> Set default MySQL user and password in your virtual host container. Then connect to MySQL without specifying user and password.

That's a reasonable solution, but what if multiple SQL users per vhost are needed?
Re: [PHP] Secure Password (MySQL) Storage
On Friday 26 November 2004 05:52, Olaf van der Spek wrote:
> That's a reasonable solution, but what if multiple SQL users per vhost are needed?

Frankly, if that vhost is going to require that level of 'complexity' then that vhost would be better off on a dedicated server. A dedicated server isn't that much more expensive than a shared host and the flexibility and the peace of mind is well worth the extra.

--
Jason Wong - Gremlins Associates - www.gremlins.biz
Re: [PHP] Secure Password (MySQL) Storage
Olaf van der Spek wrote:
> Hi,
>
> Is there a way to store MySQL (or other sensitive data) that will be passed to a library in such a way that scripts themselves can't access this? A per-vhost store would be ideal.
> If not, would this be a good idea to implement?

Your question is not very clear but if you want to protect your data from prying eyes surely the best way would be to encrypt it? As for security on shared hosting environments, we have discussed that topic in the past a few times and the voices of authority strongly believe that it's not possible to completely prevent other users from taking a peek at your code. But then again you could use the Turck or Zend encoder on it.

--
Raditha Dissanayake.