Re: [mv] Userdb password security/ Security ?
****** message to minivend-users from "Gideon van Gelder" <gideon@swingmaster.nl> ******
Thank you for your great response, Mike.
But I'm not using SQL: wouldn't it suffice for me
to do what I already did: simply change the name of the
userdb-table to one that can't be guessed, like a password
isn't supposed to be guessed either?
If the intruder doesn't know the database-name, and you're
not using SQL, he can't find anything, or am I wrong?
thanks again,
-Gideon
> Quoting Mike Heins (mike@minivend.com):
> > I will put some sort of solution in MiniVend 4, and probably issue
> > a patch for 3.
> >
>
> As I discussed, there is a new directive:
>
> NoSearch ^userdb*
>
> That is the default value. If you put other tablename (with dos-ish
> wildcards, i.e. ^secret_table* will match secret_table, secret_table_2,
> etc)
>
> The value must be set in toto every time, i.e. it is not incremental.
>
> MV3 SQL security will lag far behind, for there is no real way to parse
> that out of mv_sql_query. MV4 should handle that.
>
> To temporarily disable this in MiniVend 4, you can do:
>
> $Config->{NoSearch} = '';
>
> Next server that is forked should have the original value, but that means
> it will be persistent in Windows, so you should save and set it back. 8-\
> I will probably add it to the list of things that get shadowed, so the Windows
> condition will be temporary.
>
> Patches are attached for both MV4 alpha 10 and minivend-3.14-4.
>
> --
> Mike Heins http://www.minivend.com/ ___
> Internet Robotics |_ _|____
> Few blame themselves until they 131 Willow Lane, Floor 2 | || _ \
> have exhausted all other Oxford, OH 45056 | || |_) |
> possibilities. <mikeh@minivend.com> |___| _ <
> -- anonymous 513.523.7621 FAX 7501 |_| \_\
>
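The following is an added example, not part of either message and not MiniVend's own code: a small Perl model of the NoSearch behaviour described above, showing that the default value does not cover a renamed user table and that a new value replaces the default instead of extending it. The helper names, the table names, the wildcard translation and the whitespace-separated multi-pattern syntax are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: turn a NoSearch value written with DOS-style
# wildcards into one anchored regex. Assumed translation: "*" is any run
# of characters, "?" is one character, a leading "^" is only an anchor,
# and several patterns are separated by whitespace.
sub nosearch_regex {
    my ($value) = @_;
    my @alts;
    for my $pat (split ' ', $value) {
        $pat =~ s/^\^//;    # we anchor the whole pattern below
        push @alts, join '', map {
            $_ eq '*' ? '.*' : $_ eq '?' ? '.' : quotemeta($_)
        } split //, $pat;
    }
    return unless @alts;    # empty value: nothing is blocked
    my $alt = join '|', @alts;
    return qr/^(?:$alt)$/;
}

# Returns 1 when a search against $table would be refused, else 0.
sub search_blocked {
    my ($value, $table) = @_;
    my $re = nosearch_regex($value);
    return defined $re && $table =~ $re ? 1 : 0;
}

# Constructed table names; cust_x9k2 stands in for a renamed userdb.
my @tables = qw(userdb userdb_backup cust_x9k2 products);

# Each entry is a complete NoSearch value, since the value is not incremental.
my @settings = (
    [ 'default',           '^userdb*' ],
    [ 'renamed only',      '^cust_x9k2*' ],
    [ 'renamed + default', '^userdb* ^cust_x9k2*' ],
    [ 'disabled',          '' ],
);

for my $s (@settings) {
    my ($label, $value) = @$s;
    printf "%-18s NoSearch %-24s\n", $label, "'$value'";
    printf "    %-14s %s\n", $_, search_blocked($value, $_) ? 'blocked' : 'SEARCHABLE'
        for @tables;
}
```

Under these assumptions, a renamed user table is only refused once its name pattern is listed, and listing it alone drops the protection the default gave to tables named userdb*.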