[development] SQL and connection strings

David Metzler metzlerd at metzlerd.com
Sat Jul 17 02:14:29 UTC 2010

Excellent suggestion.  Looks really promising.  


On Jul 16, 2010, at 6:53 AM, Moshe Weitzman wrote:

>> Adding connection strings to globals avoids the question of, "where are they
>> stored and where do they come from?"   If the user is "configuring a
>> database connection" for ad hoc queries, do you think the security team
>> would consider it a vulnerability to be storing these connection strings
>> with variable_set, or some other created table? I haven't really heard a
>> "that's crazy,man" response yet... so maybe this is not a concern.  After
>> all, we do store password hashes in the DB right?  Oath tokens, etc. ?
> You want reversible encryption here. Seems like there is a handy API
> module for it: http://drupal.org/project/encrypt

More information about the development mailing list