BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
- Subject: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
- From: eric.chadbourne at icloud.com (Eric Chadbourne)
- Date: Sat, 31 Jan 2015 10:56:41 -0500
- In-reply-to: <54CCF4A4.6040703@borg.org>
- References: <54CCF4A4.6040703@borg.org>
FWIW, in PHP you often put the PostgreSQL user credentials in the code. Usually a config file somewhere. You can also place sensitive files outside of your web root with proper permissions. If all running on a local box I don?t open the ports or set the db config to allow other connections. It seems reasonably secure. I am curious as to what others do. The PostgreSQL docs have a ton of great info. - Eric > On Jan 31, 2015, at 10:28 AM, Kent Borg <kentborg at borg.org> wrote: > > Related to my previous database questions... > > Normally I think of a program as trusting itself, having some integrity, maybe not even having gaping bugs or security holes. But what if I the program I am writing is talking to another, such as Postgres? Postgres has the ability to do passwords, so do I just put a password in my program source? Set Postgres to only accept local connections, and hope for the best? Seems wrong. Do I try to put both in a chroot or something? > > My program already has to hope that its program files are secured by the hosting OS, but at least if it isn't opening up a network port it stays a rather contained problem. > > (I want multiple programs talking to the database, so no, I can't just link in Sqlite.) > > Seems a general problem of securing interprocess communications. > > Thoughts? > > Thanks, > > -kb, the Kent who knows that people Google for passwords, search github for passwords, and get a lot of juicy results. > _______________________________________________ > Discuss mailing list > Discuss at blu.org > http://lists.blu.org/mailman/listinfo/discuss
- Follow-Ups:
- [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
- From: me at mattgillen.net (Matthew Gillen)
- [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
- References:
- [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
- From: kentborg at borg.org (Kent Borg)
- [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
- Prev by Date: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
- Next by Date: [Discuss] securing API passwords
- Previous by thread: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
- Next by thread: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
- Index(es):