[thesite] UEUE v.0.2 Update

Warden, Matt mwarden at mattwarden.com
Mon Nov 5 20:28:45 CST 2001


On Nov 6, isaac had something to say about RE: [thesite] UEUE v.0.2 Update

>> And I don't want to ever have to say to a member "yeah you could help out,
>> but i don't want you to see our database password, so no dice." And, if
>> you *don't* say that, I think we get into screening issues.
>
>As it is, anyone given access can run a query and grab any password from the
>db anyway, right?

Yup. THat's the problem we're trying to solve here. Adding a password to
the queries just ain't the solution.

>It's one extra level of security 

If by "level" you mean that one must go through one extra step to gain
access to our database, then yes.

>I've not followed the UEUE gear enough to comment on the viability/necessity
>of that at this stage.

The benefit of UEUE here is that we could single out only the server with
UEUE on it and ONLY allow that server to access the database with member
info.

Then, problem solved. And it can't be circumvented by looking at our
source code.


--
mattwarden
mattwarden.com





More information about the thesite mailing list