Re: [GENERAL] cgi with postgres - Mailing list pgsql-general

From Stephane Bortzmeyer
Subject Re: [GENERAL] cgi with postgres
Date
Msg-id 200001171355.OAA27261@ezili.sis.pasteur.fr
Whole thread Raw
In response to cgi with postgres  (Jeff MacDonald <jeff@hub.org>)
Responses Re: [GENERAL] cgi with postgres
List pgsql-general
On Friday 14 January 2000, at 16 h 55, the keyboard of Jeff MacDonald
<jeff@hub.org> wrote:

>     make cgi dir 711
>     big deal, they can get the name of the file
>     from the web, and copy it.

My CGIs sources a config file, in mode 700, only readable by 'www' (the user
which executes Apache).

I adopted this after a CGI was inadvenrdently made available on the Web, in
source form :-)

If you have CGI authors you do not trust, have two Apache, with different IDs.

>     this is assuming they already have an account
>     on the machine, something that cannot be ruled
>     out.

Unix file protections are enough against local users.




pgsql-general by date:

Previous
From: "Moray McConnachie"
Date:
Subject: Re: Re[2]: [GENERAL] case-insensitive like operator
Next
From: Robert Davis
Date:
Subject: Re: [GENERAL] How do you live without OUTER joins?