[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: Mysql

To: linux-delhi@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Mysql
From: Raju Mathur <raju@xxxxxxxxxxxxxxx>
Date: Thu, 8 Mar 2001 23:17:28 +0530 (IST)
In-reply-to: <002d01c0a796$79362b20$8900000a@aclindia.com>
References: <20010305132815.24329.qmail@web4106.mail.yahoo.com> <001f01c0a5e9$a3a13cf0$010811ac@BIG> <002d01c0a796$79362b20$8900000a@aclindia.com>
Reply-to: raju@xxxxxxxxxxxxxxx

>>>>> "Ambar" == Ambar Roy <ambarroy@xxxxxxxxx> writes:

    >> What i want to avoid is embeding the root/equivalant user
    >> password in my
    Ambar> cgi
    >> application.

    Ambar> [snip]

OK, here's one roundabout way of doing it:

Create a PGP keypair for each user.  Now encrypt the MySQL password
using all the public keys of all the users.  Let each secret key have
the users password as pass phrase.  When a user logs in, use the
password s/he's supplied to unlock the corresponding secret key, and
use that to decrypt the MySQL password.  Voila!  no passwords embedded
in CGI's!

Regards,

-- Raju
-- 
Raju Mathur          raju@xxxxxxxxxxxxx           http://kandalaya.org/

Follow-Ups:
- Re: Mysql
  - From: Sandip Bhattacharya

References:
- Re: Mysql
  - From: Chandresh Pant
- Re: Mysql
  - From: Amit Soni
- Re: Mysql
  - From: Ambar Roy

Prev by Subject: Re: Mysql
Next by Subject: Re: Mysql
Previous by thread: Re: Mysql
Next by thread: Re: Mysql
Index(es):
- Subject
- Thread