I am setting up a MySQL database and am providing a web interface for it. Now, the DB is extremely simple and the interface just runs certain SELECT statements.
I have created a user for my script to use when connecting with these commands:
-- IDENTIFIED BY takes the plaintext password; IDENTIFIED BY PASSWORD expects a password hash
CREATE USER 'foo' IDENTIFIED BY 'bar';
GRANT SELECT ON dbname.* TO 'foo';
I then have these lines in my Perl script:
my $user = "foo";
my $pw = "bar";
NOTES:
- The data in the database are completely public and users can use/redistribute them at will. I have no interest in blocking anyone from accessing them; the point is to provide a dataset to the scientific community.
- The data are static; there is no need for anyone to be able to modify them in any way, and the only user who has the right to is root (the only other user on the system).
So, my question is, how dangerous is this? Given that the user only has SELECT rights, what bad things can happen with this clearly insecure setup? Is there a better way of allowing access to my script, bearing in mind the two notes above?
Best Answer
You should always put application passwords in O/S Environment Variables (envvars).
http://perldoc.perl.org/Env.html
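Following the answer's suggestion, here is an added example (my own code, not from the question or the answer) of the Perl side reading the credentials from the environment via %ENV and keeping the SELECT parameterised; the variable names DB_USER/DB_PASS/DB_NAME/DB_HOST and the `records` table are assumed.

```perl
#!/usr/bin/env perl
# Added example: credentials come from environment variables rather than
# being hard-coded in the script, and the query uses a bind placeholder.
# DB_USER/DB_PASS/DB_NAME/DB_HOST and the `records` table are assumptions.
use strict;
use warnings;
use DBI;

# Refuse to start without credentials instead of falling back to a default.
my $user = $ENV{DB_USER} // die "DB_USER not set in environment\n";
my $pw   = $ENV{DB_PASS} // die "DB_PASS not set in environment\n";
my $db   = $ENV{DB_NAME} // 'dbname';     # matches the GRANT in the question
my $host = $ENV{DB_HOST} // 'localhost';

my $dbh = DBI->connect(
    "DBI:mysql:database=$db;host=$host",
    $user, $pw,
    {
        RaiseError => 1,   # die on errors instead of silently continuing
        PrintError => 0,
        AutoCommit => 1,
    },
) or die "Cannot connect: $DBI::errstr\n";

# Even with a SELECT-only account, keep user input out of the SQL text:
# a placeholder stops a crafted value from changing the statement shape
# (e.g. pulling in other tables or running an expensive join), and the
# LIMIT bounds how much work one request can cause.
sub fetch_records {
    my ($dbh, $species) = @_;
    my $sth = $dbh->prepare(
        'SELECT id, name, value FROM records WHERE species = ? LIMIT 1000'
    );
    $sth->execute($species);
    return $sth->fetchall_arrayref({});   # arrayref of hashrefs, one per row
}

my $rows = fetch_records($dbh, $ARGV[0] // 'default');
printf "%d rows\n", scalar @$rows;
$dbh->disconnect;
```

When the script runs under a web server, the variables have to be set in the server's or service manager's configuration rather than in an interactive shell, and that configuration file needs the same file permissions you would give the script itself.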