PEAR Packages
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Codewalkers ForumsPHP RelatedPEAR Packages
Reload this Page

MDB2 security issues?

Discuss MDB2 security issues? in the PEAR Packages forum on Codewalkers.
MDB2 security issues? All questions relating to any PEAR packages should be located here.

Record onscreen activity, your voice & webcam video. Turn everyday presentations into HD-quality videos.

For perfectly clear screencasts every time.
At the IBM® developerWorks Developer Knowledge Center you'll find resources for FREE ekits, Tutorials, Webcasts, Trial Downloads and more.


We cover the world of technology like no one else, constantly updating you with the best information available on open source software, Microsoft technologies, hardware and news from around the world.

Try Camtasia Studio today!
Visit the IBM® Developer Knowledge Center today!
Sign up today!

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Codewalkers Forums Sponsor:
  #1  
Old February 26th, 2007, 08:09 AM
Anonymous Anonymous is offline
Registered User
Codewalkers God 35th Plane (22000 - 22499 posts)
  
Join Date: Apr 2007
Posts: 22,309 Anonymous User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 25
MDB2 security issues?
I recently implemented the PEAR MDB2 package on my site, and I made an alarming discovery.

I have a User class. An instance is created when someone logs into my site. The constructor for that class creates an MDB2 connection and stores it in the User object. I am then saving that User object to a session variable so I can access its methods and properties from page to page as the user navigates the site.

The alarming discovery came when I did a print_r($_SESSION). Part of what returned was this (actual values changed to protect the innocent, and my database):

php Code:
Original - php Code 
  1.  
  2. [dsn] => Array
  3.     (
  4.         [phptype] => mysql
  5.         [dbsyntax] => mysql
  6.         [username] => myUsername
  7.         [password] => holyCrapMyPasswordIsVisible
  8.         [protocol] => tcp
  9.         [hostspec] => mysite.com
  10.         [port] => 
  11.         [socket] => 
  12.         [database] => 
  13.         [mode] => 
  14.      )


The dsn with my all my database login info is just hanging out there naked in the wind, completely exposed. This strikes me as being very, very bad.

I know I can rework my code to not store the MDB2 connection in the object so that it is not carried in the session. However, I'm still nervous that this information is so easily accessible. It makes me wonder if using MDB2 is leaving myself vulnerable to an easy hack.

Has anyone else noticed this? Is it as big of a security problem as it seems to be, or am I just being paranoid?
Reply With Quote
Reply

Viewing: Codewalkers ForumsPHP RelatedPEAR Packages > MDB2 security issues?

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump




 Free IT White Papers!
 
Create the Optimal Architecture for your Critical Applications
Warburton's the largest independently owned bakery in the UK faced a number of difficult challenges in providing the most robust yet efficient IT infrastructure for their organization's success. IBM's services combined with their xSeries servers created the perfect platform for their SAP environment with sufficient flexibility, and did so in very time effective fashion.
Request Your Free Technology Downloads!
 
Five Best Practices for Deploying a Successful Service-Oriented Architecture
This white paper describes the benefits you can expect with SOA, and how IBM can help take your business there.
Request Your Free Technology Downloads!
 
Gartner Magic Quadrant for Application Delivery Controllers
Gartner summarizes its view on Application Delivery Controllers, evaluates strengths and weaknesses of solutions, and provides Magic Quadrant reporting for a quick comparison across all vendors. Learn from Gartner how you can benefit from an all-in-one device like Citrix NetScaler that delivers the highest levels of availability, performance and security.
Request Your Free Technology Downloads!
 
Knowledge is Power
What you don't know can hurt you, and is likely costing you money and increasing your security risks during an era of scarce resources. This white paper proposes six key strategies that enterprise security managers can use to improve their network defense posture.
Request Your Free Technology Downloads!
 
Rationalizing the Multi-Tool Environment
The rationalized multi-tool approach is flexible, scalable and cost effective. It provides the necessary input to the IT service management business processes. It preserves prior investments in monitoring tools, empowers technologists to select the best tools with which to do their jobs, and enhances effective response to incidents.
Request Your Free Technology Downloads!
 

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 




© 2003-2010 by Developer Shed. All rights reserved. DS Cluster 2 Hosted by Hostway
For more Enterprise Application Development news, visit eWeek