Re: [GENERAL] cgi with postgres

alfred, that seems like a very reasonable solution,

in regard to the other chaps responce, i'm not worried
about web users anyway, cause they can't see the perl
source. it's users on the system i'd like to protect
against.

On Fri, 14 Jan 2000, Alfred Perlstein wrote:

> * Jeff MacDonald <jeff(at)hub(dot)org> [000114 13:38] wrote:
> > hey folks,
> >
> > this is a security issue i'd like to get some info
> > on, i'm sure it's more with cgi than postgres, but
> > heck.
> >
> > issue: how to secure cgi's that access postgres
> >
> > problem: passwords for postgres database are stored
> > in plain text in scripts. (lets assume, perl,
> > not a compiled language)
> >
> > points:
> > make cgi dir 711
> > big deal, they can get the name of the file
> > from the web, and copy it.
>
> how about sourcing a conf file that's in a 700 dir?
>
> >
> > set an obscure cgi script alias in apache
> > big deal, they can read the cgi conf file.
> >
> > this is assuming they already have an account
> > on the machine, something that cannot be ruled
> > out.
> >
> > question in short: how to make perl accessing databases
> > more secure, so any jack can't modify a database.
> >
> > thanks in advance.
> >
> > Jeff MacDonald
> > jeff(at)hub(dot)org
> >
>
> --
> -Alfred Perlstein - [bright(at)wintelcom(dot)net|alfred(at)freebsd(dot)org]
>

Jeff MacDonald
jeff(at)hub(dot)org

===================================================================
So long as the Universe had a beginning, we can suppose it had a
creator, but if the Universe is completly self contained , having
no boundry or edge, it would neither be created nor destroyed
It would simply be.
===================================================================