MySQL Forums

Re: where to store connection parameters for MYSQL on Windows
Posted by: Rick James
Date: September 25, 2014 07:57PM

If the users can log into Windows, there is probably no way to hide the application's password from them.

If they can only get to the web server that you provide them, then the password can be in plaintext in the application code.

Perhaps:
In your (the application's) login directory there can be a ".my.cnf" file. This can contain the password (and other stuff). If Windows protects that directory from other users (except for Administrator), then that would be somewhat secure.

The multiple passwords you hold for the end-users should be "one-way". That is, use something like md5, not aes_encrypt.
MD5($entered_password . 'some secret salt')
The salt avoids them being able to deduce the password by guessing and seeing if it matches what is in your table (assuming they can read the table -- which should be impossible).
