Do you know where your variables are? | |
PerlMonks |
Re: Re: Re: Secure ways to use DBI?by dws (Chancellor) |
on Apr 17, 2003 at 17:20 UTC ( [id://251263]=note: print w/replies, xml ) | Need Help?? |
I use ssh (F-secure) to call a (bash/SQL*plus) script
that reside on the database server.
The question you need to ask yourself is this: "If some wiley hax0r where to gain control of the web server, how difficult would it be for them to get my database password?" If they see before them a script that uses ssh, can they then use that script to get the password? If so, you haven't gained yourself much. Now if this is all done from a middle tier that the wiley hax0r can't get to, that's another matter. Whether what you describe is a "middle-tier process" I don't know. Perhaps. Update: What this scheme seems to protect against is losing the password to a sniffer. That works only if you're then using some secure, database-dependent login mechanism, or are using ssh-tunneling to talk to the database.
In Section
Seekers of Perl Wisdom
|
|