| From: | Alfred Perlstein <bright(at)wintelcom(dot)net> |
|---|---|
| To: | Jeff MacDonald <jeff(at)hub(dot)org> |
| Cc: | pgsql-general(at)hub(dot)org |
| Subject: | Re: [GENERAL] cgi with postgres |
| Date: | 2000-01-14 21:53:30 |
| Message-ID: | 20000114135329.D508@fw.wintelcom.net |
| Lists: | pgsql-general |

* Jeff MacDonald <jeff(at)hub(dot)org> [000114 13:38] wrote:
> hey folks,
>
> this is a security issue i'd like to get some info
> on, i'm sure it's more with cgi than postgres, but
> heck.
>
> issue: how to secure cgi's that access postgres
>
> problem: passwords for postgres database are stored
> in plain text in scripts. (let's assume, perl,
> not a compiled language)
>
> points:
> make cgi dir 711
> big deal, they can get the name of the file
> from the web, and copy it.
how about sourcing a conf file that's in a 700 dir?
>
> set an obscure cgi script alias in apache
> big deal, they can read the cgi conf file.
>
> this is assuming they already have an account
> on the machine, something that cannot be ruled
> out.
>
> question in short: how to make perl accessing databases
> more secure, so any jack can't modify a database.
>
> thanks in advance.
>
> Jeff MacDonald
> jeff(at)hub(dot)org
>
--
-Alfred Perlstein - [bright(at)wintelcom(dot)net|alfred(at)freebsd(dot)org]
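
The conf-file suggestion above, sketched in Perl as an added example (not code from the thread). The paths and key names are hypothetical, and it assumes the CGI runs as the directory's owner (for example under suEXEC), since a 700 directory is unreadable to a script running as a shared web server user.

```perl
#!/usr/bin/perl
# Added example: read PostgreSQL credentials from a file in a 0700 directory
# instead of embedding them in the CGI script.
use strict;
use warnings;
use Fcntl ':mode';

# Hypothetical location, outside the web root and the cgi-bin tree.
my $CONF_DIR  = '/home/webapp/private';
my $CONF_FILE = "$CONF_DIR/db.conf";

# Refuse a path that is not ours or that group/other can access.
sub check_private {
    my ($path, $want_dir) = @_;
    my @st = lstat($path) or die "cannot stat $path: $!\n";
    my $mode = $st[2];
    die "$path is a symlink\n" if S_ISLNK($mode);
    die "$path has the wrong file type\n"
        unless $want_dir ? S_ISDIR($mode) : S_ISREG($mode);
    die "$path is not owned by the effective uid\n" unless $st[4] == $>;
    die sprintf("%s is mode %04o; group/other bits must be clear\n",
                $path, S_IMODE($mode))
        if S_IMODE($mode) & 0077;
    return 1;
}

# Parse "key = value" lines; blank lines and '#' comment lines are skipped.
sub load_conf {
    my ($file) = @_;
    open(my $fh, '<', $file) or die "cannot open $file: $!\n";
    my %conf;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#|$)/;
        $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/
            or die sprintf("%s line %d: expected key = value\n", $file, $.);
        $conf{$1} = $2;
    }
    close($fh);
    return \%conf;
}

check_private($CONF_DIR, 1);    # directory must be 0700 and ours
check_private($CONF_FILE, 0);   # file must be 0600 or stricter and ours
my $conf = load_conf($CONF_FILE);
defined $conf->{$_} or die "missing '$_' in $CONF_FILE\n"
    for qw(dbname user password);
# Pass $conf->{dbname}, $conf->{user} and $conf->{password} to the database
# driver here; never print them or echo them into error pages.
```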