Re: [GENERAL] cgi with postgres - Mailing list pgsql-general

From The Hermit Hacker
Subject Re: [GENERAL] cgi with postgres
Date
Msg-id Pine.BSF.4.21.0001142014370.46499-100000@thelab.hub.org
In response to cgi with postgres  (Jeff MacDonald <jeff@hub.org>)
Responses Re: [GENERAL] cgi with postgres  (Peter Eisentraut <peter_e@gmx.net>)
List pgsql-general
On Fri, 14 Jan 2000, Jeff MacDonald wrote:

> hey folks,
>
> this is a security issue i'd like to get some info
> on, i'm sure it's more with cgi than postgres, but
> heck.
>
> issue: how to secure cgi's that access postgres
>
> problem: passwords for postgres database are stored
>       in plain text in scripts. (let's assume, perl,
>       not a compiled language)
>
> points:
>     make cgi dir 711
>     big deal, they can get the name of the file
>     from the web, and copy it.
>
>     set an obscure cgi script alias in apache
>     big deal, they can read the cgi conf file.

Side point ... why isn't the apache conf file secure?  Only user root
needs to be able to read it, no?

Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org
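
The two permission settings raised in this thread (a CGI directory at mode 711 and a server configuration file readable only by its owner) can be checked with a short script. This is an added example, not part of the original messages; the function names are hypothetical, and the paths and expected owner uid are supplied by the caller.

```shell
#!/bin/sh
# Added example: audit the file permissions discussed in the thread.
# Nothing here is specific to one Apache layout; paths are arguments.

# mode_of PATH: print the 10-character type+permission string (e.g. drwx--x--x)
mode_of() {
    out=$(ls -ldn -- "$1" 2>/dev/null) || return 2
    set -- $out
    printf '%s\n' "$1" | cut -c1-10
}

# owner_of PATH: print the numeric uid of the owner
owner_of() {
    out=$(ls -ldn -- "$1" 2>/dev/null) || return 2
    set -- $out
    printf '%s\n' "$3"
}

# conf_is_private FILE UID: succeed only if FILE is owned by UID and
# group/other have no permission bits at all (mode 600 or 400, for example)
conf_is_private() {
    m=$(mode_of "$1") || return 2
    o=$(owner_of "$1") || return 2
    [ "$o" = "$2" ] && [ "$(printf '%s' "$m" | cut -c5-10)" = "------" ]
}

# cgi_dir_is_711 DIR: succeed only if DIR is a directory with mode exactly 711
# (scripts can be executed by name, but the directory cannot be listed)
cgi_dir_is_711() {
    m=$(mode_of "$1") || return 2
    [ "$m" = "drwx--x--x" ]
}

# audit CONF CGIDIR [UID]: one line per check; non-zero exit on any finding.
# UID defaults to 0 (root), matching the reply's "only user root".
audit() {
    rc=0
    if conf_is_private "$1" "${3:-0}"; then echo "ok: $1 is private to its owner"
    else echo "FINDING: $1 is not private to uid ${3:-0}"; rc=1; fi
    if cgi_dir_is_711 "$2"; then echo "ok: $2 is mode 711"
    else echo "FINDING: $2 is not mode 711"; rc=1; fi
    return $rc
}
```

Call it as `audit CONF_FILE CGI_DIR`, passing the locations used on the host being checked.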

