[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: common database policy/infrastracture

On Thu, 16 Dec 2004 14:55:29 +0100 (CET), Andreas Tille <tillea@rki.de> wrote:
> On Thu, 16 Dec 2004, Olaf van der Spek wrote:
> > Because system passwords aren't 'needed' by any applications to
> > authenticate themselves to the system, while database passwords are.
> No, they are not needed in the file system.  They are needed inside
> the database and they are save there (assumed that the database server

Yes, but that's the other side of the authentication end. This is
about the client, not the server.

> has no bugs).
> > True, but how many database apps work without storing the password?
> At least these that do authentification directly against the database
> should not store their passwords in an extra file.  This is the case
> for the application I'm currently working on (GnuMed) where the
> client does the authentication via user interaction.

Is that the majority or the minority of applications?
Take for example a web application like a forum. It requires the
password so it can connect to the database. It can't/won't ask the
password from the user.

Reply to: