On Fri, 14 Jan 2000, Jeff MacDonald wrote:
> hey folks,
>
> this is a security issue i'd like to get some info
> on, i'm sure it's more with cgi than postgres, but
> heck.
>
> issue: how to secure cgi's that access postgres
>
> problem: passwords for postgres database are stored
> in plain text in scripts. (lets assume, perl,
> not a compiled language)
>
> points:
> make cgi dir 711
> big deal, they can get the name of the file
> from the web, and copy it.
>
> set an obscure cgi script alias in apache
> big deal, they can read the cgi conf file.
Side point ... why isn't the apache conf file secure? Only user root
needs to be able to read it, no?
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org