[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: Mysql

>>>>> "Ambar" == Ambar Roy <ambarroy@xxxxxxxxx> writes:

    >> What i want to avoid is embeding the root/equivalant user
    >> password in my
    Ambar> cgi
    >> application.

    Ambar> [snip]

OK, here's one roundabout way of doing it:

Create a PGP keypair for each user.  Now encrypt the MySQL password
using all the public keys of all the users.  Let each secret key have
the users password as pass phrase.  When a user logs in, use the
password s/he's supplied to unlock the corresponding secret key, and
use that to decrypt the MySQL password.  Voila!  no passwords embedded
in CGI's!


-- Raju
Raju Mathur          raju@xxxxxxxxxxxxx           http://kandalaya.org/