Re: [mv] Userdb password security/ Security ?
****** message to minivend-users from Mike Heins <mike@minivend.com> ******
Quoting B.J. Bezemer (bas.bezemer@wxs.nl):
> ****** message to minivend-users from "B.J. Bezemer" <bas.bezemer@wxs.nl> ******
>
> Hi All,
>
> It has been very quiet after Gideon's question on this topic and I can't
> imagine that Joachim and I are the only ones that shivered for a moment.
> Of course there are tricks or workarounds to fix this problem. You could
> rename the database from userdb to the name of a loved one in reverse order,
> with some numbers in it, but that is not a structural solution. The password
> field is not the only information that I don't want to be made public. I
> don't want anyone to snoop into my database where I keep all my information
> on orders (addresses of my customers, how much they ordered etc.).

I was incommunicado for about a week, but am back.

I guess I never think about it because I don't export userdb and until the
last 6 months have rarely used SQL. But it would be possible, obviously,
to do this, especially with st=db.

I think I have not recently paid attention to the AdminDatabase directive
which was originally intended to deal with this issue.

Probably the easiest solution to this will be code to implement:

    NoSearch userdb*

I may default to making the database selected in the "UserDB default database"
secure, and probably will allow setting of [set mv_search_file]userdb[/set]
as a one-off allow for things like the password mailing page.

I will put some sort of solution in MiniVend 4, and probably issue
a patch for 3.

--
Mike Heins                          http://www.minivend.com/
                                    Internet Robotics
Research is what I'm doing when     131 Willow Lane, Floor 2
I don't know what I'm doing.        Oxford, OH  45056
 -- Wernher Von Braun               <mikeh@minivend.com>
                                    513.523.7621 FAX 7501
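
An added sketch, not MiniVend code and not part of the original message, of how a `NoSearch userdb*` rule with a page-set one-off allow could be evaluated. The function names, the basename and case-insensitive glob matching, and the rule that a server-side scratch value overrides the form value are all assumptions.

```python
from fnmatch import fnmatchcase
from posixpath import basename

# Assumed policy, modelled on the proposed "NoSearch userdb*" directive.
NO_SEARCH = ["userdb*"]


def normalize(name):
    """Reduce a search-file value to its bare, lower-cased file name,
    so 'USERDB.txt' or '../products/userdb.asc' cannot slip past the glob."""
    return basename((name or "").replace("\\", "/")).lower()


def is_protected(target, no_search=NO_SEARCH):
    """True when the normalized name matches any NoSearch pattern."""
    return any(fnmatchcase(target, pat.lower()) for pat in no_search)


def resolve_search_file(form_value, scratch_value=None, no_search=NO_SEARCH):
    """Return the file a search may read, or None when it must be refused.

    form_value    -- mv_search_file as submitted with the request (untrusted)
    scratch_value -- value the page author set on the server, e.g. with
                     [set mv_search_file]userdb[/set] (hypothetical one-off allow)
    """
    if scratch_value is not None:
        # The page author chose the file; the submitted value is ignored,
        # so a client cannot redirect the search somewhere else.
        return normalize(scratch_value) or None
    target = normalize(form_value)
    if not target or is_protected(target, no_search):
        return None
    return target


if __name__ == "__main__":
    # Constructed sample requests: (form value, server-side scratch value)
    samples = [
        ("products", None),
        ("userdb", None),
        ("../products/USERDB.txt", None),
        ("products", "userdb"),  # password mailing page sets the file itself
    ]
    for form, scratch in samples:
        print(f"{form!r:28} scratch={scratch!r:10} -> "
              f"{resolve_search_file(form, scratch)!r}")
```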