George Larson wrote:
[snip]
Donovan:
There's no "powers that be" on this list. The closest is Dan and we all
ignore him. :-)
Next question -- how do you keep login's and passwords safe? Is the
following not embedded in the html?
[SQLConnect
dbType=MySQL&host=192.168.1.1&database=TestNames&uid=sa&pwd=pass&conn_var=conn1]
[/SQLConnect]
If so, then doesn't that create a security concern?
[snip]
For the record, I'm with Tedd. Regardless of this being a "designated" PHP
arena, I'm enjoying this WebDNA conversation and might even give it a test
drive...
You guys are giving me too much rope. ;-)
I like to strive for multi-lingual myself (thus why
I'm on the PHP talk list), but I've
always loved WebDNA and have been amazed it hasn't
caught on more than it has, well, other than how
expensive it used to be...
For passwords:
Though the WebDNA parts of the code are gone by the
time a client receives it, yes, it's a always good policy to
use appropriate and redundant security practices. So,
you have a good point. For example,
I could see that if WebDNA was configured incorrectly, you'd
be able to see the open text password perhaps.
So, instead of hard-coding passwords, you could do a number of
other things... for example; include the password from an
encrypted text file or "WebDNA database" record.
So, if the password is encrypted in a "WebDNA database",
The line would look something like:
[SQLConnect dbType=MySQL[!]
[/!]&host=192.168.1.1[!]
[/!]&database=TestNames[!]
[/!]&uid=sa[!]
[/!]&pwd=[unencrypt][lookup
db=pwds.db&lookinfield=ugUID&value=[UID]&returnfield=ugPASS¬found=NF][/unencrypt][!]
[/!]&conn_var=conn1]
[/SQLConnect]
(The commented out returns are just to help with readability.)
If you store the pass encrypted in a text file:
[SQLConnect dbType=MySQL[!]
[/!]&host=192.168.1.1[!]
[/!]&database=TestNames[!]
[/!]&uid=sa[!]
[/!]&pwd=[unencrypt][include file=pwd.txt][/unencrypt][!]
[/!]&conn_var=conn1]
[/SQLConnect]
There are "levels" of security as well... you could encrypt
the entire page if you like... then the source looks like/is binary junk
other than when parsed by WebDNA.
Regarding test driving.. the download is free and the install
doesn't harm PHP configurations:
http://dev.webdna.us/
You can also grab a free developers license so you don't
keep having to solve the "human equation" every 30min or so.
http://store.webdna.us/
Thx for the time on the soap box! :) (and if anyone objects to the
conversation, I'll be happy to zip it!)
Donovan
--
=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
D. BROOKE EUCA Design Center
WebDNA Software Corp.
WEB:> http://www.euca.us | http://www.webdna.us
=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
