[BLUG] A Couple Questions
Simon Ruiz
blug_at_mailman.cs.indiana.edu
Wed, 31 Jan 2007 11:55:18 -0500
The issue for us with this sort of thing on our workstations would be that we don't have total physical control of the workstations; see Live CD issue.
________________________________
From: blug-admin_at_cs.indiana.edu on behalf of Mark Krenz
Sent: Wed 1/31/2007 11:50 AM
To: blug_at_cs.indiana.edu
Subject: Re: [BLUG] A Couple Questions
This is why I think the mysqlinfo file (or pgsqlinfo, etc.) makes
sense. It's simple, not tied to any specific language and works on
simple principles. It's not specifically for web applications and it
provides a single place to put the password.
On Suso, I've made it so that the webserver can read it and the user
that owns it can read it, but nobody else. Plus, I use a different
password for everyone's database access anyways. Things like PHP's
safe mode and Apache's suexec provide mechanisms to protect it from
other users' web applications reading other users' mysqlinfo files.
Mark
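
The access policy described in the message above (the owning user and the web server can read the file, nobody else), written as a permission audit. This is an added example, not part of the original thread and not Suso's actual setup; modelling the web server's access as group ownership with mode 0640, the function names and the sample file are assumptions.

```python
import os
import stat
import tempfile


def audit_secret_file(path, owner_uid, web_gid):
    """Return a list of findings for a per-user DB credential file.

    Assumed policy: owner may read/write, the web server's group may
    read, everyone else gets nothing (mode 0640 at most).
    """
    st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink or special file)"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != owner_uid:
        findings.append(f"owner uid {st.st_uid}, expected {owner_uid}")
    if st.st_gid != web_gid:
        findings.append(f"group gid {st.st_gid}, expected {web_gid}")
    if mode & stat.S_IRWXO:
        findings.append(f"mode {mode:04o} grants access to other users")
    if mode & (stat.S_IWGRP | stat.S_IXGRP):
        findings.append(f"mode {mode:04o} lets the web server group write or execute")
    if st.st_nlink > 1:
        findings.append("file has extra hard links")
    return findings


def demo():
    """Audit a constructed sample file under three different modes."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "mysqlinfo")
        with open(path, "w") as f:
            f.write("constructed-placeholder\n")  # not a real credential
        st = os.stat(path)  # reuse the file's own uid/gid as the expected ones
        results = {}
        for mode in (0o640, 0o644, 0o660):
            os.chmod(path, mode)
            results[mode] = audit_secret_file(path, st.st_uid, st.st_gid)
        return results


if __name__ == "__main__":
    for mode, findings in demo().items():
        print(f"{mode:04o}:", findings or "ok")
```
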