List:Community« Previous MessageNext Message »
From:Ask Bjørn Hansen Date:July 11 2009 8:22pm
Subject:Re: Encrypt Server Password
View as plain text  
On Jul 11, 2009, at 5:47, Arjen Lentz wrote:

> When you think about it further, you'll realise that the point is  
> fairly moot: if you create an MD5 or SHA1 from a password as a one- 
> off operation, and use that, then that is effectively your password  
> and that's as such no more secure than the original password, if  
> someone were to get their hands on the config file.

If you don't trust the network between the app and the mysql server;  
use SSL.

if you don't trust the server where the app is running the best you  
can do is not have the password stored on the server and enter it  
whenever you start the application.

  - ask
Encrypt Server PasswordJulian Muscat Doublesin10 Jul
  • Re: Encrypt Server PasswordArjen Lentz11 Jul
    • Re: Encrypt Server PasswordAsk Bjørn Hansen11 Jul
      • Re: Encrypt Server PasswordJulian Muscat Doublesin13 Jul