Gossamer Forum

DBMan SQL

Hi,

OK, I'm thinking of purchasing DBMan SQL for one of my clients (I'm a web designer), but my client has particular concerns re security. More specifically, concerns regarding the Data Protection Act (UK). Therefore I need to know how secure the system is, i.e. the info held in the MySQL database. Is there any way someone could access this? I know a certain amount of responsibility must fall on my hosting provider's shoulders, but if I am to recommend this to my client he needs to know that the info is securely stored online. Any help appreciated!

Re: [jumpnet] DBMan SQL
If you assign a username/password for the MySQL database, then DBMAN SQL is quite secure, unless you assign weird permissions like allowing anyone to add, modify, and delete data. If you set up the permissions by administrator and regular users, then you can secure access to the database.

DBMAN 2.0 (flat file) is not secure at all, unless you use .htaccess/.htpasswd to protect the flat database file.

MySQL is much more secure...not 100%, but much more secure than flat file systems.
========================================
Buh Bye!

Cheers,
Me

Re: [Heckler] DBMan SQL
Cheers, but..

Are the passwords encrypted in any way, when they are sent to and from the server?

Re: [jumpnet] DBMan SQL
Nope...But you can easily hack DBMAN SQL to encrypt the passwords that are stored in the MySQL tables. Not too hard to do; other software, like vBulletin, encrypts passwords when they are inserted into the User table.

But the encryption on the back-end is not a big deal since no one can actually get to the data itself via the back-end unless they know the username and password of the MySQL database and they know MySQL to query the tables.

The more important security risk to address is using SSL (Secure Socket Layers) to protect data transmissions across the net, since without SSL, hackers can install sniffers to take data from requests to your web server since data transmitted without SSL is transmitted in plain text.

That is outside the boundaries of DBMAN SQL...that is something that your webmaster needs to address, not you, as the designer...unless you wear multiple hats.
========================================
Buh Bye!

Cheers,
Me

Re: [Heckler] DBMan SQL
>>Nope...But you can easily hack DBMAN SQL to encrypt the passwords that are stored in the MySQL tables.<<

Erm, DBMAN SQL _does_ encrypt passwords

Re: [PaulW] DBMan SQL
Didn't know that...in earlier betas of DBMAN SQL, it didn't.

Bye.

========================================
Buh Bye!

Cheers,
Me

Last edited by Heckler: Nov 19, 2001, 8:24 AM

Re: [Heckler] DBMan SQL
From 1.02+ it does

Last edited by PaulW: Nov 19, 2001, 8:26 AM

Re: [jumpnet] DBMan SQL
Hi,

Quote:
Are the passwords encrypted in any way, when they are sent to and from the server?

No, the only way to do this is to run the product under SSL. If you do put it under SSL (as in https://yourdomain/cgi-bin/db.cgi), then yes, the passwords will not be viewable by anyone listening in.

Cheers,

Alex
--
Gossamer Threads Inc.