Hi, you're absolutely right on this. I either have to come up with a way to
eliminate the password from the file. I have an idea but I think it is rather
complicated. I guess the best bet would be stricter folder security
(permissions). Will play around with that idea.
Thanks for the eye opener.
On Sat, Jul 11, 2009 at 10:22 PM, Ask Bjørn Hansen <ask@stripped> wrote:
>
> On Jul 11, 2009, at 5:47, Arjen Lentz wrote:
>
>> When you think about it further, you'll realise that the point is fairly
>> moot: if you create an MD5 or SHA1 from a password as a one-off operation,
>> and use that, then that is effectively your password and that's as such no
>> more secure than the original password, if someone were to get their hands
>> on the config file.
>>
>
> If you don't trust the network between the app and the mysql server, use
> SSL.
>
> If you don't trust the server where the app is running the best you can do
> is not have the password stored on the server and enter it whenever you
> start the application.
>
>
> - ask
>
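
The two options discussed in this thread (stricter file and folder permissions, or entering the password when the application starts), shown as an added example that is not code from any poster here. The function names, the `db.pass` file name and the sample password are assumptions made for illustration, and the checks assume a POSIX system.

```python
import getpass
import os
import stat
import tempfile


def permission_problems(path):
    """List reasons the password file at `path` should not be trusted."""
    problems = []
    st = os.stat(path)
    if st.st_uid != os.geteuid():
        problems.append("file is not owned by the user running the app")
    # Any group/other bit on the file means other accounts can reach it.
    if stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file is accessible to group or others")
    # A folder others can write to lets them replace the file itself.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if stat.S_IMODE(parent.st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("folder is writable by group or others")
    return problems


def get_db_password(path=None, prompt=getpass.getpass):
    """Use the file only if it is private; with no file, ask at startup."""
    if path is None or not os.path.exists(path):
        return prompt("MySQL password: ")
    problems = permission_problems(path)
    if problems:
        raise PermissionError(f"{path}: " + "; ".join(problems))
    with open(path, encoding="utf-8") as fh:
        return fh.readline().rstrip("\r\n")


if __name__ == "__main__":
    # Constructed sample: a throwaway folder and password file.
    folder = tempfile.mkdtemp()  # mkdtemp creates the folder with mode 0700
    cfg = os.path.join(folder, "db.pass")
    with open(cfg, "w", encoding="utf-8") as fh:
        fh.write("example-password\n")
    os.chmod(cfg, 0o644)
    print(permission_problems(cfg))  # world-readable file is reported
    os.chmod(cfg, 0o600)
    print(get_db_password(cfg))      # owner-only file is accepted
```

The permission check only limits other local accounts; anyone who can read the file as its owner or as root still obtains the password, which is the case the prompt-at-startup path covers.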