Can I store my db on a public server?

Help
2006-03-06
2012-11-19
  • Just wondering whether it's ok to store my database file on a public webserver? Assuming I have a long password that I have confidence in, am I correct in thinking that there's no need to hide the file?

    I think it would be useful to be able to access it from anywhere, I just want to check that I'm not overlooking anything :)

     
    • Bill Rubin
      Bill Rubin
      2006-03-06

      If you have a strong master password, there should be no problem. Notice that I said 'strong', not 'long'. A rule of thumb is that if you can remember your password, then it's not strong. For example, the password 'now is the time for all good men' is long, but probably not strong.

      It's often impractical to manage a strong master password, because you must write it down somewhere yet still keep it secret. Protecting your database using a secret key file has some advantages in this regard.

      Bill Rubin

       
    • Thanks. I understand the difference between long and strong, my password is derived from the diceware method (http://www.diceware.com/).

      The problem with using a key file is that it's difficult to always have it available whenever I need it. That's the kind of portability I'm trying to achieve with putting my database on the web.

       
    • Bill Rubin
      Bill Rubin
      2006-03-07

      Thanks for the reference to diceware; I didn't know about that. It appears to be a well-thought-out way to get a strong password. If your diceware password is sufficiently strong, your database should be safe on a webserver.

      Bill Rubin

       
    • Paul
      Paul
      2006-03-07

      If you put your password on a web server, make sure there are no links to it. Then it is less likely to be picked up by people checking the server.

      cheers, Paul

       
    • Bill Rubin
      Bill Rubin
      2006-03-07

      Paul, I assume you meant 'password database', not 'password'!

      Bill Rubin

       
    • Paul
      Paul
      2006-03-07

      Oops!