List:General Discussion« Previous MessageNext Message »
From:Sasha Pachev Date:June 1 1999 3:50pm
Subject:Re: myODBC and mySQL-preservationweb
View as plain text  
efrazier@stripped wrote:
> 
> hi,
> 
> We are going to end up needing about 3 or 4 different people to have access
> to mySQL though myODBC. The problem is at least 2 of those people are using
> dial in providers. As far as I know it will be difficult or impossible for
> them to get a dedicated IP address that way. Is there any way that something
> like a mask could be used instead of just a % in the user table? What is the
> big problem with using just the user name and password for authetication? If
> it is that they are not encrypted, then how do you send them encrypted from
> Access without writting a VB app?
> 
> Thanks,
> 
> Eric

An easy, but very gaping security hole solution would be
to enable access from all hosts. The problem with
user/pass authentication is the same as the one with
telnet: the password and user name will traverse the net
unencrypted. Another problem is that if MySQL just
happens to have some security whole somewhere in the
daemon, this will allow all hackers in the world to try
to exploit it. There are probably some other reasons I
can't think of right away, but a very good security
policy is to be a restrictive as possible, and loosen
the restrictions minimanally each time you run into
something that you cannot accomplish with your current
security limitations. 

-- 
Sasha Pachev
http://www.sashanet.com/ (home)
http://www.direct1.com/ (work)
Thread
Re: myODBC and mySQL-preservationwebefrazier1 Jun
  • Re: myODBC and mySQL-preservationwebSasha Pachev1 Jun
    • Re: myODBC and mySQL-preservationwebunknown1 Jun