Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

Re: Securing the database password for web applications

by FitTrend (Pilgrim)
on Mar 08, 2005 at 18:26 UTC ( #437689=note: print w/ replies, xml ) Need Help??


in reply to Securing the database password for web applications

Security is always an issue with our Web Based Applications. We have an account that can read/write to the various databases and tables that our applications create within our framework. We use a MySQL backend. We have a table within one of our databases that contain a list of accounts (user/pass). The passwords have been encrypted.

To connect to the database initially and verify the user/pass, we use a db account (user/pass) that is configured via an outside config file that can only read this table that contains the list of accounts and encrypted passwords. Once we connect to the database with this account (from the conf file), it verifies the user/pass using an encryption/decryption perl module. If a successful match is found, we then connect to the database with that account.

Of course there are several perl modules on CPAN that allow you to choose the encryption/decryption method that fits you best.

Hope this helps


Comment on Re: Securing the database password for web applications

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://437689]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (6)
As of 2014-08-28 04:18 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The best computer themed movie is:











    Results (256 votes), past polls