On Friday 03 April 2009, Chirag R wrote:
Hi Guys,
I am working on an application which needs to connect to a MySQL database for updating/insertion etc. For the application to pick up the username/password, I've created a config file somewhere on the system which looks like this:
<snip>
[mysqld]
user=root
password=mypassword
port=3306
</snip>
Problem is that this file can be read by root on that server and my password is pretty much known to anyone who has root access.
Who cares about some crappy password once they have root access?
Is there any way I can keep the password in encrypted format and still connect to the MySQL database? Just to give an example of what I am looking at, in OpenLDAP you can generate a password in encrypted format using slappasswd -t {MD5} -s mypassword and store it in your slapd.conf file. Even if someone does get access to slapd.conf, still s/he cannot decrypt the password very easily.
"Easily" is a very relative term.