[development] SQL and connection strings
Moshe Weitzman
weitzman at tejasa.com
Fri Jul 16 13:53:22 UTC 2010
> Adding connection strings to globals avoids the question of, "where are they
> stored and where do they come from?" If the user is "configuring a
> database connection" for ad hoc queries, do you think the security team
> would consider it a vulnerability to be storing these connection strings
> with variable_set, or some other created table? I haven't really heard a
> "that's crazy,man" response yet... so maybe this is not a concern. After
> all, we do store password hashes in the DB right? Oath tokens, etc. ?
You want reversible encryption here. Seems like there is a handy API
module for it: http://drupal.org/project/encrypt
More information about the development
mailing list