Re: Password safe web application with postgre*s*
From | |
---|---|
Subject | Re: Password safe web application with postgre*s* |
Date | |
Msg-id | 17828909.280181210862591570.JavaMail.servlet@pustefix159.kundenserver.de |
Replies | Re: Password safe web application with postgre*s* |
List | pgsql-general |
In our web-based solution (PHP) the database credentials (username and password) are encrypted and stored by PHP as session variables.

Yes, there is the risk that they could be read by someone who has access to the Apache sessions directory, but this user also must have access to the PHP scripts with the encrypt functions to get the unencryption keys, and he must be able to work with this information.

But I think this solution is much more safe than storing or committing the credentials as clear text in cookies, hidden form elements or as sessions.
But when you try to log in to the database, somehow the credentials must be cleartext, so you can't get rid of this lack of security in my opinion.

By the way, this is an *intra*net solution, and we don't have hackers in our staff, I hope...

Ludwig
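
The scheme described in the message above, as an added example that is not part of the original post and not the poster's code: credentials are sealed with authenticated encryption before they reach the session store and opened only just before connecting. It assumes PHP with the sodium extension; the function names, the `db_cred` session key and the sample credentials are hypothetical.

```php
<?php
declare(strict_types=1);

// Encrypt the database credentials before they are written to the session.
// The session file then holds only nonce + ciphertext; the key is kept elsewhere.
function seal_credentials(string $user, string $password, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = json_encode(['user' => $user, 'password' => $password], JSON_THROW_ON_ERROR);
    $boxed = sodium_crypto_secretbox($plain, $nonce, $key);
    sodium_memzero($plain);          // wipe the cleartext copy once it is sealed
    return base64_encode($nonce . $boxed);
}

// Decrypt just before connecting. Returns null if the stored value was
// truncated, modified, or sealed under a different key.
function open_credentials(string $stored, string $key): ?array {
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $boxed = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($boxed, $nonce, $key);
    if ($plain === false) {
        return null;                 // authentication tag did not verify
    }
    return json_decode($plain, true, 512, JSON_THROW_ON_ERROR);
}

// Constructed demo values. Assumption: in a deployment the key is loaded from
// a location outside the session directory, not generated per request.
$key = sodium_crypto_secretbox_keygen();
$session = [];                       // stands in for $_SESSION
$session['db_cred'] = seal_credentials('app_user', 'constructed-password', $key);

$creds = open_credentials($session['db_cred'], $key);
echo $creds['user'], "\n";

// A value sealed under another key (or altered on disk) is rejected.
$otherKey = sodium_crypto_secretbox_keygen();
var_dump(open_credentials($session['db_cred'], $otherKey));
```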