Home > mailing lists

Re: [GENERAL] cgi with postgres - Mailing list pgsql-general

From	Alfred Perlstein
Subject	Re: [GENERAL] cgi with postgres
Date	January 16, 2000 18:52:47
Msg-id	20000116131435.G508@fw.wintelcom.net Whole thread Raw
In response to	Re: [GENERAL] cgi with postgres (Peter Eisentraut <peter_e@gmx.net>)
List	pgsql-general

Tree view

* Peter Eisentraut <peter_e@gmx.net> [000116 09:30] wrote:
> On 2000-01-14, Alfred Perlstein mentioned:
>
> > > issue: how to secure cgi's that access postgres
> > >
> > > problem: passwords for postgres database are stored
> > >       in plain text in scripts. (lets assume, perl,
> > >       not a compiled language)
> > >
> > > points:
> > >     make cgi dir 711
> > >     big deal, they can get the name of the file
> > >     from the web, and copy it.
> >
> > how about sourcing a conf file that's in a 700 dir?
>
> Security through obscurity is little security indeed.

I don't see how using the unix permissions as a
form of ACL is security through obscurity... or do you
chmod 644 /etc/shadow on your boxes?

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]

pgsql-general by date:

From: Il Paolone
Date: 16 January 2000, 17:30:49
Subject: Debian php3+postgresql unable to connect

From: Lamar Owen
Date: 16 January 2000, 19:03:48
Subject: Re: [GENERAL] Debian php3+postgresql unable to connect

Re: [GENERAL] cgi with postgres - Mailing list pgsql-general

Previous

Next