in reply to
Securing the database password for web applications
Security is always an issue with our Web Based Applications. We have an account that can read/write to the various databases and tables that our applications create within our framework. We use a MySQL backend. We have a table within one of our databases that contain a list of accounts (user/pass). The passwords have been encrypted.
To connect to the database initially and verify the user/pass, we use a db account (user/pass) that is configured via an outside config file that can only read this table that contains the list of accounts and encrypted passwords. Once we connect to the database with this account (from the conf file), it verifies the user/pass using an encryption/decryption perl module. If a successful match is found, we then connect to the database with that account.
Of course there are several perl modules on CPAN that allow you to choose the encryption/decryption method that fits you best.
Hope this helps