Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid

Re: Securing the database password for web applications

by FitTrend (Pilgrim)
on Mar 08, 2005 at 18:26 UTC ( #437689=note: print w/ replies, xml ) Need Help??

in reply to Securing the database password for web applications

Security is always an issue with our Web Based Applications. We have an account that can read/write to the various databases and tables that our applications create within our framework. We use a MySQL backend. We have a table within one of our databases that contain a list of accounts (user/pass). The passwords have been encrypted.

To connect to the database initially and verify the user/pass, we use a db account (user/pass) that is configured via an outside config file that can only read this table that contains the list of accounts and encrypted passwords. Once we connect to the database with this account (from the conf file), it verifies the user/pass using an encryption/decryption perl module. If a successful match is found, we then connect to the database with that account.

Of course there are several perl modules on CPAN that allow you to choose the encryption/decryption method that fits you best.

Hope this helps

Comment on Re: Securing the database password for web applications

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://437689]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (6)
As of 2015-11-28 13:05 GMT
Find Nodes?
    Voting Booth?

    What would be the most significant thing to happen if a rope (or wire) tied the Earth and the Moon together?

    Results (741 votes), past polls