Re: Clear text passwords. Was: Automating dsmserv
2003-05-27 16:22:20
> one solution:
>
> We created an admin account (ex. QUERY), that is granted no authority.
> Which means it can do queries, but can't change anything.
> For scripts that just do queries, we use that admin id and don't sweat
> whether it's hackable.
> Now in theory somebody could find out the password and SUBMIT A BIG QUERY
> that ties up your server,
> but really, so what.... not in my list of Worst Things to Worry About.
There is another potential issue with this approach. A user with no
authority can run query or select commands that report client file
names. One can readily imagine scenarios in which this capability
raises serious privacy concerns.
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: Clear text passwords. Was: Automating dsmserv, (continued)
- Re: Clear text passwords. Was: Automating dsmserv, Richard Sims
- Re: Clear text passwords. Was: Automating dsmserv, Justin Bleistein
- Re: Clear text passwords. Was: Automating dsmserv, Remeta, Mark
- Re: Clear text passwords. Was: Automating dsmserv, Stephen E. Bacher
- Re: Clear text passwords. Was: Automating dsmserv, Prather, Wanda
- Re: Clear text passwords. Was: Automating dsmserv,
Thomas Denier <=
- Re: Clear text passwords. Was: Automating dsmserv, Justin Bleistein
- Re: Clear text passwords. Was: Automating dsmserv, Justin Bleistein
- Re: Clear text passwords. Was: Automating dsmserv, Tom Kauffman
- Re: Clear text passwords. Was: Automating dsmserv, Alex Paschal
- Re: Clear text passwords. Was: Automating dsmserv, Nicholas Cassimatis
- Re: Clear text passwords. Was: Automating dsmserv, Stapleton, Mark
|
|
|