hey folks,
this is a security issue i'd like to get some info
on, i'm sure it's more with cgi than postgres, but
heck.
issue: how to secure cgi's that access postgres
problem: passwords for postgres database are stored
in plain text in scripts. (lets assume, perl,
not a compiled language)
points:
make cgi dir 711
big deal, they can get the name of the file
from the web, and copy it.
set an obscure cgi script alias in apache
big deal, they can read the cgi conf file.
this is assuming they already have an account
on the machine, something that cannot be ruled
out.
question in short: how to make perl accessing databases
more secure, so any jack can't modify a database.
thanks in advance.
Jeff MacDonald
jeff@hub.org
===================================================================
So long as the Universe had a beginning, we can suppose it had a
creator, but if the Universe is completly self contained , having
no boundry or edge, it would neither be created nor destroyed
It would simply be.
===================================================================