
Security of MySQL Userid/Password in Apache CGI-BIN - MySQL


  1. #1

    Security of MySQL Userid/Password in Apache CGI-BIN

    I'm writing some 'C' compiled Apache CGI-BINs which interact with MySQL via
    the 'C' API (platform: Linux).

    Where should I put the MySQL userid/password so that it is the most secure?

    Possibilities:

    a) Compile them into the CGI-BIN (and I'm assuming that there is no way for
    a web user to actually get the data in the executable--they can only run it,
    right?).

    b) Keep them in a separate file which is read by the CGI-BIN.

    Any thoughts about what is the best way and any security concerns?

    Thanks.
    ------------------------------------------------------------
    David T. Ashley (com)
    http://www.e3ft.com (Consulting Home Page)
    http://www.dtashley.com (Personal Home Page)
    http://gpl.e3ft.com (GPL Publications and Projects)


    David Guest

  2. #2

    Re: Security of MySQL Userid/Password in Apache CGI-BIN

    David T. Ashley wrote: 

    Compiling them into the executable would definitely keep it away from prying
    eyes - but you would want to make it extra-strong (lots of
    case/numbers/meta-characters) to minimize hackers' attempts to crack the password.

    I tend to stay away from CGI due to some other inherent risks involved with some
    of the "provided" scripts like upload.cgi and Count.cgi. Therefore I almost
    always disable cgi and use other methods. But, YMMV.

    You could use an encode/decode mechanism such that you can change the password
    on a somewhat regular basis - but I would store it in a file outside the web
    server directory tree (but give it the proper ownership etc...). This would
    minimize the exposure.

    One thing to mitigate risks is to have the database server on another server
    where the ports used are not internet-facing - so there can be no direct
    connection from the internet to your MySQL server ports.

    The other thing I do on MY web server is that it runs OpenVMS w/Apache. The
    only system at Defcon 9 not hacked - then they changed the rules such that the
    ONLY OS you could run was some flavor of the Linux kernel.

    --
    Michael Austin
    Database Consultant
    Domain Registration and Linux/Windows Web Hosting Reseller
    http://www.spacelots.com
    Michael Guest

  3. #3

    Re: Security of MySQL Userid/Password in Apache CGI-BIN

    "David T. Ashley" <com> wrote in
    news:com:
     

    OUTSIDE of the web space.

    Mark Guest
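
Added example (not written by any poster in this thread): option (b) as recommended in replies #2 and #3, a C loader for a credentials file kept outside the web tree that refuses the file unless its ownership and mode are tight. The names `load_db_creds` and `struct db_creds`, the `user=`/`password=` file layout, and the rule that the file must be owned by the CGI's effective uid with no group/other permission bits are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, fstat, geteuid */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct db_creds { char user[64]; char password[128]; };

/* Load "user=...\npassword=...\n" from path. The file is refused if it is a
 * symlink, not a regular file, not owned by the CGI's effective uid, or has
 * any group/other permission bit set. Returns 0 on success, -1 otherwise. */
int load_db_creds(const char *path, struct db_creds *c)
{
    char buf[512];
    struct stat st;
    int rc = -1, end = 0;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);   /* do not follow a symlink */
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so the checks apply to the file
     * that is actually read (no check-then-open race). */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == geteuid() &&
        (st.st_mode & (S_IRWXG | S_IRWXO)) == 0) {
        ssize_t n = read(fd, buf, sizeof buf - 1);
        if (n > 0 && (size_t)n < sizeof buf - 1) {   /* reject oversized files */
            buf[n] = '\0';
            /* Width limits match the struct; %n plus the check below rejects
             * a password that was cut off at 127 characters. */
            if (sscanf(buf, "user=%63[^\r\n] password=%127[^\r\n]%n",
                       c->user, c->password, &end) == 2 &&
                strchr("\r\n", buf[end]) != NULL)   /* also true for '\0' */
                rc = 0;
        }
    }
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    struct db_creds c;
    if (argc != 2 || load_db_creds(argv[1], &c) != 0) {
        fprintf(stderr, "credentials file rejected\n");
        return 1;
    }
    printf("credentials loaded for user '%s'\n", c.user);   /* never log the password */
    return 0;
}
```

The values returned in `struct db_creds` would then be passed to the MySQL C API connect call in place of compiled-in literals, so the password can be rotated without rebuilding the CGI binary.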
