Tagged Questions

1
vote
2answers
221 views

typical way to share database connection for open-source project, without revealing too much

I have an open source project for mydomain.com which requires connections to a database (...as is tradition). What is the standard practice for allowing others to work on the site, without giving them ...
35
votes
11answers
2k views

Is there any reason not to go directly from client-side Javascript to a database? [duplicate]

Possible Duplicate: Writing Web “server less” applications So, let's say I'm going to build a Stack Exchange clone and I decide to use something like CouchDB as my backend store. If I use ...
2
votes
2answers
144 views

help for choosing an encryption method for a database column

I'm storing some phone numbers in the database which should kept totally secret (they're supposed to access via web). BTW, because of the position of these people, I need to prevent any chance for ...
4
votes
4answers
129 views

System that splits passwords across two servers

I stumbled upon this news article on BBC, RSA splits passwords in two to foil hackers' attacks tl;dr - a (randomized) password is split in half and is stored across two separate servers, to foil ...
-1
votes
4answers
951 views

Application connecting to database server

I'm working on an application which requires user credentials and so on. So a database is required on the backend. What is the best practice to connect to a database without hardcoding your password ...
0
votes
4answers
394 views

How do you handle database security from a desktop application?

For about 10 years I've worked on various in-house desktop client applications with SQL Server data stores. Rarely did I start these projects - most are takeover work. One thing that seemed constant ...
2
votes
1answer
265 views

Books or guides regarding secure key storage and database encryption [closed]

I have an idea for a SaaS product I want to create, however, this product will store extremely sensitive data that needs to be encrypted at rest. The trouble is not so much the encryption, but the ...
3
votes
2answers
423 views

Making sure database connection information is secured

This is the first time that I am working on a web application. I was going through the question What should every programmer know about web development? and noticed one thing that I knew nothing of: ...
2
votes
2answers
71 views

Is there a secure way to add a database troubleshooting page to an application?

My team makes a product (business management software) that our customers install on their own servers. The product uses a SQL database for data storage and app configuration. There have been quite a ...
2
votes
4answers
480 views

Advice on making sure e-commerce site is secure using PHP and MySQL

Like the title says, I would like some advice from knowledgable web developers on figuring out security issues for my e-commerce site. I am designing the database as well as the code that ...
0
votes
2answers
169 views

Assigning a local id to a user

I am creating a soap service where users will be able to interact with each other. They will have a contact list where people can be added. One of the security measures(others are in place, too) is to ...
6
votes
3answers
405 views

Converting a 1,000,000 rows database

If I have a database that stores the login credentials of 1,000,000 users in PLAINTEXT, how much effort will it take me to md5 hash these passwords?
6
votes
9answers
1k views

How much database access should developers have?

So I've worked in many different workplaces as a developer and my level of access to the database has been varied. I typically don't have production db access. Most of the time I have access to the ...
6
votes
3answers
301 views

Are two database trips reasonable for a login system?

I am designing a login system for a project, and have an issue about it requiring two trips to the database when a user logs in. User types in username and password Database is polled and password ...