From: | Alfred Perlstein <bright(at)wintelcom(dot)net> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | Jeff MacDonald <jeff(at)hub(dot)org>, pgsql-general(at)hub(dot)org |
Subject: | Re: [GENERAL] cgi with postgres |
Date: | 2000-01-16 21:14:35 |
Message-ID: | 20000116131435.G508@fw.wintelcom.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
* Peter Eisentraut <peter_e(at)gmx(dot)net> [000116 09:30] wrote:
> On 2000-01-14, Alfred Perlstein mentioned:
>
> > > issue: how to secure cgi's that access postgres
> > >
> > > problem: passwords for postgres database are stored
> > > in plain text in scripts. (lets assume, perl,
> > > not a compiled language)
> > >
> > > points:
> > > make cgi dir 711
> > > big deal, they can get the name of the file
> > > from the web, and copy it.
> >
> > how about sourcing a conf file that's in a 700 dir?
>
> Security through obscurity is little security indeed.
I don't see how using the unix permissions as a
form of ACL is security through obscurity... or do you
chmod 644 /etc/shadow on your boxes?
--
-Alfred Perlstein - [bright(at)wintelcom(dot)net|alfred(at)freebsd(dot)org]
From | Date | Subject | |
---|---|---|---|
Next Message | Il Paolone | 2000-01-16 22:22:26 | Re: [GENERAL] Debian php3+postgresql unable to connect |
Previous Message | Lamar Owen | 2000-01-16 21:08:12 | Re: [GENERAL] Debian php3+postgresql unable to connect |