[DUG] How to make secure MySQL
David Moorhouse
David.Moorhouse at pegasus.org.nz
Wed Aug 1 12:52:20 NZST 2018
With respect, it sounds like you need more than just some pointers or examples!
You need to understand what you are protecting, which will drive what level of security is required, e.g. personal info, reputation, money, etc.
As Pieter said, SSL is the absolute minimum, but you need to understand the various risk vectors and how to protect against each one.
Cheers
David
David Moorhouse (BCom) | Principal Software Engineer - HealthOne
Pegasus Health (Charitable) Ltd
P: 03 353 0871 | W: www.pegasus.org.nz
E: david.moorhouse at pegasus.org.nz
PO Box 741, Christchurch 8140
401 Madras St, Christchurch 8013
From: delphi-bounces at listserver.123.net.nz [mailto:delphi-bounces at listserver.123.net.nz] On Behalf Of Pieter De Wit
Sent: Wednesday, 1 August 2018 11:23 a.m.
To: NZ Borland Developers Group - Delphi List
Cc: delphi at delphi.org.nz
Subject: Re: [DUG] How to make secure MySQL
Hi,
Store the passwords as a salted sha256 or something:
(Sorry, my Delphi is a bit rusty)
passhash = sha256("SALT1234" + real_password + "SALT4321");
Also, use SSL on the MySQL layer :)
Cheers,
Pieter
On 1/08/2018, at 11:19 AM, <jc at magicweb.nz> wrote:
Hi all
Can anybody give me some pointers and/or examples of how to make my web app – using MySQL – secure. At the moment I’m just transferring the bare passwords across, not a good idea I guess.
Secondly, once logged in, a session variable determines a logged in status – safe enough?
Thanks for any reply.
John C