<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:Helvetica;
        panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
        {font-family:Helvetica;
        panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";}
span.apple-converted-space
        {mso-style-name:apple-converted-space;}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-NZ" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">With respect, it sounds like you need more than just some pointers or examples!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">You need to understand what you are protecting, which will drive what level of security is required, e.g. personal info, reputation, money, etc.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">As Pieter said, SSL is the absolute minimum, but you need to understand the various risk vectors and how to protect against each one.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Cheers<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">David<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td width="357" valign="top" style="width:267.65pt;padding:0cm 5.4pt 0cm 5.4pt">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#47678F">David Moorhouse (BCom)</span></b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#47678F"> |
<b>Principal Software Engineer - HealthOne</b><br>
Pegasus Health (Charitable) Ltd </span><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#47678F;mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#47678F">P: 03 353 0871 | W: </span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><a href="http://www.pegasus.org.nz/"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#47678F">www.pegasus.org.nz</span></a></span><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#47678F"> <br>
E: </span><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D"><a href="mailto:david.moorhouse@pegasus.org.nz">david.moorhouse@pegasus.org.nz</a></span><u><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#47678F"><br>
</span></u><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#47678F">PO Box 741, Christchurch 8140<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#47678F">401 Madras St, Christchurch 8013</span><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#47678F;mso-fareast-language:EN-US"><o:p></o:p></span></b></p>
</td>
<td width="259" valign="top" style="width:194.45pt;padding:0cm 5.4pt 0cm 5.4pt">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#47678F;mso-fareast-language:EN-US"><o:p></o:p></span></b></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> delphi-bounces@listserver.123.net.nz [mailto:delphi-bounces@listserver.123.net.nz]
<b>On Behalf Of </b>Pieter De Wit<br>
<b>Sent:</b> Wednesday, 1 August 2018 11:23 a.m.<br>
<b>To:</b> NZ Borland Developers Group - Delphi List<br>
<b>Cc:</b> delphi@delphi.org.nz<br>
<b>Subject:</b> Re: [DUG] How to make secure MySQL<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hi,<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Store the passwords as a salted sha256 or something:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">(Sorry, my Delphi is a bit rusty)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">passhash = sha256("SALT1234" + real_password + "SALT4321");<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Also, use SSL on the MySQL layer :)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Cheers,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Pieter<o:p></o:p></p>
<div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">On 1/08/2018, at 11:19 AM, &lt;<a href="mailto:jc@magicweb.nz">jc@magicweb.nz</a>&gt; wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Hi all<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Can anybody give me some pointers and/or examples of how to make my web app – using MySQL – secure? At the moment I’m just transferring the bare passwords across, not a good
idea I guess.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Secondly, once logged in, a session variable determines a logged-in status – safe enough?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Thanks for any reply.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">John C<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
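<p class="MsoNormal">An added example, not part of the thread and not any poster's code: the salted SHA-256 line quoted above, next to a per-user random salt with PBKDF2, to show what a salt shared by all users does to two accounts with the same password. Python is used instead of Delphi so it runs on the standard library alone; the function names, the stored-string format and the iteration count are assumptions.</p>

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your server's login latency budget


def fixed_salt_sha256(password: str) -> str:
    """The scheme quoted in the thread: one salt baked into the code for everyone."""
    return hashlib.sha256(("SALT1234" + password + "SALT4321").encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Per-user random salt + PBKDF2-HMAC-SHA256, as one string for a VARCHAR column."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; reject malformed rows."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        iterations = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256" or not 1 <= iterations <= 10_000_000 or not expected:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    pw = "correct horse battery staple"
    # Fixed salt: both rows hold the same hash, so one cracked row reveals the other.
    print(fixed_salt_sha256(pw) == fixed_salt_sha256(pw))
    # Per-user salt: the rows differ, yet each still verifies against the password.
    alice, bob = hash_password(pw), hash_password(pw)
    print(alice != bob, verify_password(pw, alice), verify_password("guess", bob))
```

<p class="MsoNormal">Storing the iteration count in the row lets the work factor be raised later without invalidating existing hashes.</p>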
</body>
</html>