Re: Password safe web application with postgre*s*


In our web-based solution (PHP), the database credentials (username and password) are encrypted and stored by PHP as session variables.

Yes, there is the risk that they could be read by someone who has access to the
apache-sessions-directory, but this user must also have access to the PHP scripts with the encrypt functions to get the decryption keys, and he must be able to work with this information.

But I think this solution is much safer than storing or committing the credentials as clear text in cookies, hidden form elements or as sessions.
But when you try to log in to the database, the credentials must somehow be in cleartext, so you can't get rid of this lack of security,
in my opinion.

By the way, this is an *intra*net solution, and we don't have hackers on our staff, I hope...

Ludwig
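
The scheme described in the message above, sketched as an added example (not the poster's code): credentials are sealed with an authenticated cipher before they go into the session, and the key is kept outside the session store. It assumes PHP 7.2+ with ext-sodium; the function names, the `APP_CRED_KEY` variable and the sample credentials are hypothetical.

```php
<?php
// Added example, not from the original post; names and APP_CRED_KEY are hypothetical.

// Load the 32-byte key from outside the session store (here: a hex-encoded env var).
function load_key(): string {
    $hex = getenv('APP_CRED_KEY');
    if ($hex === false || strlen($hex) !== 2 * SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('credential key missing or wrong length');
    }
    return sodium_hex2bin($hex);
}

// Encrypt username/password with a fresh nonce; output is nonce || ciphertext+MAC.
function seal_credentials(string $user, string $pass, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = json_encode(['u' => $user, 'p' => $pass]);
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

// Decrypt only at connect time; a modified session value fails authentication.
function open_credentials(string $stored, string $key): array {
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('malformed session credential blob');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('session credential blob failed authentication');
    }
    return json_decode($plain, true);
}

// Constructed demo values; in the web application $session would be $_SESSION.
putenv('APP_CRED_KEY=' . sodium_bin2hex(random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES)));
$key = load_key();
$session = ['dbcred' => seal_credentials('appuser', 'example-password', $key)];
$cred = open_credentials($session['dbcred'], $key);
echo "decrypted user: {$cred['u']}\n";

// A session file edited on disk is rejected instead of being used to connect.
$bad = base64_decode($session['dbcred']);
$bad[-1] = chr(ord($bad[-1]) ^ 1);
try {
    open_credentials(base64_encode($bad), $key);
} catch (RuntimeException $e) {
    echo "tampered blob rejected: {$e->getMessage()}\n";
}
```

Anyone who can read both the session directory and the key source can still recover the credentials, which is the residual risk the message acknowledges.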
