From: | "Andrew J(dot) Kopciuch" <akopciuch(at)bddf(dot)ca> |
---|---|
To: | "Cody Phanekham" <Cody(dot)Phanekham(at)salmat(dot)com(dot)au>, <pgsql-php(at)postgresql(dot)org> |
Subject: | Re: Securing PHP scripts |
Date: | 2003-08-19 06:49:05 |
Message-ID: | 200308190049.05680.akopciuch@bddf.ca |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-php |
On Monday 18 August 2003 21:08, Cody Phanekham wrote:
> I should of mentioned that the server is a dedicated PHP / PostgreSQL
> server, therefore no other user would have access to it.
>
> My only concern is *if* the server gets compromised, then the attacker
> would have access to the DB without too much effort.
>
If by "comprimised" you mean rooted, then the attacker can do whatever they
like on the system anyways. If someone has root on a box ... they have
access to the DB ... with or without a password to begin with.
Andy
From | Date | Subject | |
---|---|---|---|
Next Message | Gerd Terlutter | 2003-08-19 08:05:55 | Re: Authentication Failure with pg_pconnect |
Previous Message | Cody Phanekham | 2003-08-19 03:08:46 | Re: Securing PHP scripts |