Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I encrypt or hide passwords in a Perl script used to connect to mysql database

Tags:

mysql

perl

I was wondering what is the best way to store usernames and password to connect to mysql database?

like image 815
Gordon Avatar asked Feb 09 '11 18:02

Gordon

People also ask

How does MySQL encrypt passwords?

MySQL server uses the PASSWORD function to encrypt MySQL passwords for storage in the Password column of the user grant table. The value returned by the PASSWORD function is a hashed string, or NULL if the argument was NULL. The PASSWORD function accepts one parameter which is the string to be encrypted.

How are passwords stored in MySQL?

MySQL passwords for users are stored within MySQL itself; they are stored in the mysql. user table. The passwords are hashed by default using the PASSWORD() function.

1 Answers

An easy and safe way — if you do it right — is with a config file. The DBI/DBD MySQL connection string will look something like–

dbi:mysql:my_dbname;mysql_read_default_file=/NON-WEB/path/to/.my.cnf

–and you will pass no user or password to the DBI connection call.

The .my.cnf file will have the password. The ways to keep this safe include–

  • File is only readable by the webuser.
  • File is outside the web root; visiting a URL cannot possibly reach it.
  • The config file contains the bare minimum to connect, it probably does not need the user name for example.
  • Make sure there are no exploits in your application that might allow browsing of your file system.
  • The webuser's mysql account has limited privileges: no grant, no create|drop tables, etc, etc.
like image 166
Ashley Avatar answered Oct 13 '22 01:10

Ashley
Sign in to Comment

Related questions

Database design of a tree-like category system
If an PHP PDO transaction fails, must I rollback() explicitely?
Is there any good reasons that I should not use - (dash) in field names in MySQL?
Reorder integer except for value 0 with sql
SQL Max Question
Selecting an item matching multiple tags
Creating a linked list or similar queue in MySQL?
How can a PHP PDO object figure out if it's already in a MySQL Transaction?
INSERT INTO SELECT,copy value+ 'string'
Rails - See generated SQL queries in Log files
MySQL - Searching with UNION ALL and GROUP BY
Getting the actual (absolute) execution time of the last query in PHP (excluding network latency etc)
MYSQL Select to file
When to use 1 to 1 tables in databases
how to write Regular Expression in MySQL select queries?
How to check my privileges?
What's the best way to "shuffle" a table of database records?
Create mysql date range
Reset MySQL auto_increment when a large number already exists?
CodeIgniter MySQL query not working

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!