[plug] [OT] Password security with shared web hosting

Denis Brown dsbrown at cyllene.uwa.edu.au
Wed Aug 25 21:35:28 WST 2004


Hello, James.

On Wed, 25 Aug 2004, James Devenish wrote:

> Basically, I am wondering what people do about 'database passwords' in
> shared web hosting environments where scripting is permitted. A security
> problem arises when scripts belonging to a co-hosted site can read the
>
May not be directly relevant to your situation, but for what it's worth...

I have a database which needs to be accessed by a C programme.   The
database is MySQL in this case, and I am using the mysqlclient interface.
The database name, username and password are in a separate "configuration"
file that only needs read-only access and can be placed in some
non-obvious location.   The C code then accesses this data through the
load_defaults function.   Paul Dubois' MySQL book was the source of that
tip.   The config file is hidden (a dot-file) and made read-only to the
owner of the executable.   This probably comes under the heading of
"security by obscurity."

HTH,
Denis





More information about the plug mailing list