Come for the quick hacks, stay for the epiphanies. | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
I use ssh (F-secure) to call a (bash/SQL*plus) script
that reside on the database server.
The question you need to ask yourself is this: "If some wiley hax0r where to gain control of the web server, how difficult would it be for them to get my database password?" If they see before them a script that uses ssh, can they then use that script to get the password? If so, you haven't gained yourself much. Now if this is all done from a middle tier that the wiley hax0r can't get to, that's another matter. Whether what you describe is a "middle-tier process" I don't know. Perhaps. Update: What this scheme seems to protect against is losing the password to a sniffer. That works only if you're then using some secure, database-dependent login mechanism, or are using ssh-tunneling to talk to the database.
In reply to Re: Re: Re: Secure ways to use DBI?
by dws
|
|