[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mysql
Subject:    Re: user-based authentication
From:       Van <vanboers () server ! dedserius ! com>
Date:       1999-07-20 23:15:56
[Download RAW message or body]

sinisa@cytanet.com.cy wrote:
> 
> Brighten Godfrey writes:
>  > Am I right in believing that there is no way of securely limiting a mysql
>  > user to logging in from a specific account?  (This is with the latest
>  > version of MySQL on Caldera OpenLinux 2.2).  The issue is that I need a
>  > CGI to connect to the database, so it needs to store a password to connect
>  > with.  I can use Apache's suEXEC module to store the password in a file
>  > readable only by the user that the CGI is run as, but still, this is
>  > rather insecure since the password would be stored unencrypted.  Ideas?
>  >
>  > Thanks very much,
>  > ~Brighten
>  >       ________________________________________________________________
>  >             Brighten Godfrey                   godfreyb@bigw.org
>  >             http://brighten.bigw.org/           godfreyb@cmu.edu
>  >       ________________________________________________________________
>  >
> 
mod_auth_mysql works awesome.  It's tricky setting it up at first (give
yourself a few hours to work out the synchronization with the mysql
dbase), but once installed; very slick.  Also, make sure you lock down
your standard UNIX security with host.allow/.deny, and don't run
services you don't need.  If people try to crack your web-server, run
crons to back-up your pages somewhere secure and let root make sure they
get updated.  The Web-server only requires microseconds to restart on
even the slowest machines.
My 2 cents.
Van
-- 
=========================================================================
Linux rocks!!!   http://www.dedserius.com
=========================================================================

---------------------------------------------------------------------
Please check "http://www.mysql.com/Manual_chapter/manual_toc.html" before
posting. To request this thread, e-mail mysql-thread7924@lists.mysql.com

To unsubscribe, send a message to the address shown in the
List-Unsubscribe header of this message. If you cannot see it,
e-mail mysql-unsubscribe@lists.mysql.com instead.

[prev in list] [next in list] [prev in thread] [next in thread]