While youre talking about security (this is off topic but...)
Is there a way to have the passwords sent encrypted instead of clear text
using apacha and mod_auth_mysql? I dont know much about SSL and stuff, is
that the way to go and in that case, does it work with mod_auth_mysql?
I totally agree with you that mod_auth_mysql does a VERY good job, i also
like the other mysql apache module the same guy wrote, mod_log_mysql :)
/Johan Isacsson
On Wed, 21 Jul 1999 sinisa@stripped wrote:
> Van writes:
> > sinisa@stripped wrote:
> > >
> > > Brighten Godfrey writes:
> > > > Am I right in believing that there is no way of securely limiting a
> mysql
> > > > user to logging in from a specific account? (This is with the
> latest
> > > > version of MySQL on Caldera OpenLinux 2.2). The issue is that I
> need a
> > > > CGI to connect to the database, so it needs to store a password to
> connect
> > > > with. I can use Apache's suEXEC module to store the password in a
> file
> > > > readable only by the user that the CGI is run as, but still, this
> is
> > > > rather insecure since the password would be stored unencrypted.
> Ideas?
> > > >
> > > > Thanks very much,
> > > > ~Brighten
> > > >
> ________________________________________________________________
> > > > Brighten Godfrey godfreyb@stripped
> > > > http://brighten.bigw.org/ godfreyb@stripped
> > > >
> ________________________________________________________________
> > > >
> > >
> > mod_auth_mysql works awesome. It's tricky setting it up at first (give
> > yourself a few hours to work out the synchronization with the mysql
> > dbase), but once installed; very slick. Also, make sure you lock down
> > your standard UNIX security with host.allow/.deny, and don't run
> > services you don't need. If people try to crack your web-server, run
> > crons to back-up your pages somewhere secure and let root make sure they
> > get updated. The Web-server only requires microseconds to restart on
> > even the slowest machines.
> > My 2 cents.
> > Van
> > --
> > =========================================================================
> > Linux rocks!!! http://www.dedserius.com
> > =========================================================================
> >
> >
>
>
> Hi Van!
>
> I could not agree more !!
>
> Wherever I have installed it, it provided maximum security.
>
> Sinisa
>
> +----------------------------------------------------------------------+
> | TcX ____ __ _____ _____ ___ == mysql@stripped |
> | /*/\*\/\*\ /*/ \*\ /*/ \*\ |*| Sinisa Milivojevic |
> | /*/ /*/ /*/ \*\_ |*| |*||*| mailto:sinisa@stripped|
> | /*/ /*/ /*/\*\/*/ \*\|*| |*||*| Larnaka, Cyprus |
> | /*/ /*/ /*/\*\_/*/ \*\_/*/ |*|____ |
> | ^^^^^^^^^^^^/*/^^^^^^^^^^^\*\^^^^^^^^^^^ |
> | /*/ \*\ Developers Team |
> +----------------------------------------------------------------------+
>
>
>
>
> ---------------------------------------------------------------------
> Please check "http://www.mysql.com/Manual_chapter/manual_toc.html" before
> posting. To request this thread, e-mail mysql-thread7959@stripped
>
> To unsubscribe, send a message to the address shown in the
> List-Unsubscribe header of this message. If you cannot see it,
> e-mail mysql-unsubscribe@stripped instead.
>
>
