What is the (most?) Secure way to handle database connections in a web application?

Question

What is the (most?) Secure way to handle database connections in a web application?

I have a web application written in Perl using PostgreSQL.

When accessing the PostgreSQL database, I need to specify both the username and password. To have access to a password to automatically start the system, I need this password built into my application or into a configuration file or as an environment variable configured in Apache.

In any case, I should have a password in text format somewhere.

How is this done on real websites?

+3

security postgresql

szabgab Jan 7 '10 at 7:40

source share

5 answers

Tor Valamo · Answer 1 · 2010-01-07T07:46:29+0000

The safest way to do this is to create a configuration file and place it outside of the public folders.

James Polley · Answer 2 · 2010-01-07T09:17:26+0000

, -, - . , webroot; ,
, , , , -, -
, , - .
, , , . , Wordpress Wordpress , .
-, , node .

Ivan Krechetov · Answer 3 · 2010-01-07T08:08:51+0000

"" IP- - ( , node) PostgreSQL pg_hba.conf . , , , - -.

, - . , -, Perl.

Magnus Hagander · Answer 4 · 2010-01-07T09:09:42+0000

~/.pgpass( -, ). , , , , , . . http://www.postgresql.org/docs/current/static/libpq-pgpass.html.

-.

this. __curious_geek · Answer 5 · 2010-01-07T09:19:54+0000

Firewall IP: PostgreSQL IP- -.

What is the (most?) Secure way to handle database connections in a web application?

More articles: