List:Community« Previous MessageNext Message »
From:Julian Muscat Doublesin Date:July 13 2009 3:48pm
Subject:Re: Encrypt Server Password
View as plain text  
Hi your absolutely right on this. I either have to come up with a way to
eliminate password from file. I have an idea but I think it is rather
complicated. I guess the best bet would be stricter folder security
(permissions). Will play around with that idea.

Thanks for the eye opener.

On Sat, Jul 11, 2009 at 10:22 PM, Ask Bjørn Hansen <ask@stripped>wrote:

>
> On Jul 11, 2009, at 5:47, Arjen Lentz wrote:
>
>  When you think about it further, you'll realise that the point is fairly
>> moot: if you create an MD5 or SHA1 from a password as a one-off operation,
>> and use that, then that is effectively your password and that's as such no
>> more secure than the original password, if someone were to get their hands
>> on the config file.
>>
>
> If you don't trust the network between the app and the mysql server; use
> SSL.
>
> if you don't trust the server where the app is running the best you can do
> is not have the password stored on the server and enter it whenever you
> start the application.
>
>
>  - ask
>

Thread
Encrypt Server PasswordJulian Muscat Doublesin10 Jul
  • Re: Encrypt Server PasswordArjen Lentz11 Jul
    • Re: Encrypt Server PasswordAsk Bjørn Hansen11 Jul
      • Re: Encrypt Server PasswordJulian Muscat Doublesin13 Jul