List:General Discussion« Previous MessageNext Message »
From:Vikram A Date:April 28 2010 5:19pm
Subject:Re: My sql Security
View as plain text  
Sir,
I will drop the authentication part.  If stored in the code, the db password is subject
to change when needed. In this case i can not change my part of the code. So I will go
for the config file for the credentials.

Thank you for the solutions/suggestions.

Vikram




________________________________
From: Johan De Meersman <vegivamp@stripped>
To: Vikram A <vikkiatbipl@stripped>
Cc: MY SQL Mailing list <mysql@stripped>
Sent: Wed, 28 April, 2010 9:55:38 PM
Subject: Re: My sql Security

Rip out the DB authentication part, and store those credentials in-code, in
some config file or the registry, or some remote mechanism like LDAP.

If your users need to access multiple servers, just give them an option for
each server, but don't let them enter DB credentials themselves.

Users are not to be trusted with direct data access; they're way too devious
for their own good :-)

On Wed, Apr 28, 2010 at 11:05 AM, Vikram A <vikkiatbipl@stripped> wrote:

> Sir,
> Yes; As per your mail, i understood that the authentication must be
> separated for both app and the db.
> Let me send my login Authentication screen; I request you guide me how can
> handle this.
>
> Thank you
>
> Vikram
>
> ------------------------------
> *From:* Johan De Meersman <vegivamp@stripped>
>
> *To:* Vikram A <vikkiatbipl@stripped>
> *Cc:* MY SQL Mailing list <mysql@stripped>
> *Sent:* Wed, 28 April, 2010 2:10:45 PM
>
> *Subject:* Re: My sql Security
>
> I'm afraid you can't discern between clients and applications on the MySQL
> level. Your application authentication should be separate from the MySQL
> one.
>
>
> On Wed, Apr 28, 2010 at 10:28 AM, Vikram A <vikkiatbipl@stripped> wrote:
>
> > Hi all,
> > I have some security issues. I would like to have your
> > suggestions/solutions.
> >
> > I have winserver2003 with mysql 5.1.45. We have client serve application
> > that allows multi-login system with various people.
> >
> > I am getting user name, password for database login when the try to use
> > login      [which is for Application]. By using DB the user name and the
> > password, people who know the mysql are opening the DB using some GUI
> tools.
> > How this can be avoided; because it is major issue right now in my work
> > place.
> >
> > Please Can any one can help me?
> >
> > Thank you
> >
> > VIKRAM A
> >
> >
> >
>
>
> --
> Bier met grenadyn
> Is als mosterd by den wyn
> Sy die't drinkt, is eene kwezel
> Hy die't drinkt, is ras een ezel
>
>


-- 
Bier met grenadyn
Is als mosterd by den wyn
Sy die't drinkt, is eene kwezel
Hy die't drinkt, is ras een ezel



Thread
My sql SecurityVikram A28 Apr
  • Re: My sql SecurityJohan De Meersman28 Apr
  • Re: My sql Securitynwood28 Apr
    • Re: My sql SecurityVikram A28 Apr
Re: My sql SecurityJohan De Meersman28 Apr
  • Re: My sql SecurityVikram A28 Apr