| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Alfred Perlstein <bright(at)wintelcom(dot)net> |
| Cc: | Jeff MacDonald <jeff(at)hub(dot)org>, pgsql-general(at)hub(dot)org |
| Subject: | Re: [GENERAL] cgi with postgres |
| Date: | 2000-01-16 17:13:56 |
| Message-ID: | Pine.LNX.4.21.0001152014020.386-100000@localhost.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 2000-01-14, Alfred Perlstein mentioned:
> > issue: how to secure cgi's that access postgres
> >
> > problem: passwords for postgres database are stored
> > in plain text in scripts. (lets assume, perl,
> > not a compiled language)
> >
> > points:
> > make cgi dir 711
> > big deal, they can get the name of the file
> > from the web, and copy it.
>
> how about sourcing a conf file that's in a 700 dir?
Security through obscurity is little security indeed.
--
Peter Eisentraut Sernanders väg 10:115
peter_e(at)gmx(dot)net 75262 Uppsala
http://yi.org/peter-e/ Sweden
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2000-01-16 17:14:00 | Re: [GENERAL] GRANT ALL ON * TO username? |
| Previous Message | Peter Eisentraut | 2000-01-16 17:13:51 | Re: Oids vs Serial fields (was Re: [GENERAL] searching oid's) |