Home > mailing lists

Re: Securing PHP scripts - Mailing list pgsql-php

From	Andrew J. Kopciuch
Subject	Re: Securing PHP scripts
Date	August 20, 2003 11:48:50
Msg-id	200308190049.05680.akopciuch@bddf.ca Whole thread Raw
In response to	Re: Securing PHP scripts ("Cody Phanekham" <Cody.Phanekham@salmat.com.au>)
List	pgsql-php

Tree view

On Monday 18 August 2003 21:08, Cody Phanekham wrote:
> I should of mentioned that the server is a dedicated PHP / PostgreSQL
> server, therefore no other user would have access to it.
>
> My only concern is *if* the server gets compromised, then the attacker
> would have access to the DB without too much effort.
>

If by "comprimised" you mean rooted, then the attacker can do whatever they
like on the system anyways.  If someone has root on a box ... they have
access to the DB ... with or without a password to begin with.

Andy

pgsql-php by date:

From: Ângelo Marcos Rigo
Date: 19 August 2003, 17:53:07
Subject: Re: Update problem

From: Martin Marques
Date: 20 August 2003, 15:08:35
Subject: Re: Postgres connection

Re: Securing PHP scripts - Mailing list pgsql-php

Previous

Next