| From: | Alfred Perlstein <bright(at)wintelcom(dot)net> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Jeff MacDonald <jeff(at)hub(dot)org>, pgsql-general(at)hub(dot)org |
| Subject: | Re: [GENERAL] cgi with postgres |
| Date: | 2000-01-16 21:14:35 |
| Message-ID: | 20000116131435.G508@fw.wintelcom.net |
| Lists: | pgsql-general |
* Peter Eisentraut <peter_e(at)gmx(dot)net> [000116 09:30] wrote:
> On 2000-01-14, Alfred Perlstein mentioned:
>
> > > issue: how to secure cgi's that access postgres
> > >
> > > problem: passwords for postgres database are stored
> > > in plain text in scripts. (let's assume, perl,
> > > not a compiled language)
> > >
> > > points:
> > > make cgi dir 711
> > > big deal, they can get the name of the file
> > > from the web, and copy it.
> >
> > how about sourcing a conf file that's in a 700 dir?
>
> Security through obscurity is little security indeed.
I don't see how using the unix permissions as a
form of ACL is security through obscurity... or do you
chmod 644 /etc/shadow on your boxes?
--
-Alfred Perlstein - [bright(at)wintelcom(dot)net|alfred(at)freebsd(dot)org]
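
The "conf file in a 700 dir" approach from this message, as an added example that is not part of the original thread: a loader that sources the credentials only when the Unix permissions really restrict them to the owner. It assumes the CGI runs as the user that owns the directory; `db.conf`, the function names and the sample variable names are hypothetical.

```shell
#!/bin/sh
# Added example; db.conf, load_db_conf and the helper names are hypothetical.

# Print the group and other permission triplets of a path
# ("------" for mode 700 or 600).
group_other_bits() {
    # ls -ld prints e.g. "drwx------ 2 www www ..."; columns 5-10 hold
    # the group and other bits.
    ls -ld -- "$1" | cut -c5-10
}

# True only if the path exists, is owned by the current user and grants
# no access at all to group or other.
is_private() {
    [ -e "$1" ] && [ -O "$1" ] && [ "$(group_other_bits "$1")" = "------" ]
}

# Source a conf file of VAR=value lines, but only if Unix permissions
# restrict both the file and its directory to the owner.
load_db_conf() {
    conf=$1
    conf_dir=$(dirname -- "$conf")
    if [ -L "$conf" ]; then
        echo "refusing $conf: symbolic link" >&2
        return 1
    fi
    if ! is_private "$conf_dir"; then
        echo "refusing $conf: $conf_dir is open to group/other or not ours" >&2
        return 1
    fi
    if ! is_private "$conf"; then
        echo "refusing $conf: file is open to group/other or not ours" >&2
        return 1
    fi
    . "$conf"
}

# Usage: sh this_script /path/to/private/db.conf
if [ -n "${1:-}" ]; then
    load_db_conf "$1" && echo "credentials loaded for ${PGUSER:-unknown}"
fi
```

A directory left at 711, as in the quoted suggestion for the cgi dir, fails the check because group and other keep search permission.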