On 2000-01-14, Alfred Perlstein mentioned:
> > issue: how to secure cgi's that access postgres
> >
> > problem: passwords for postgres database are stored
> > in plain text in scripts. (let's assume Perl,
> > not a compiled language)
> >
> > points:
> > make cgi dir 711
> > big deal, they can get the name of the file
> > from the web, and copy it.
>
> how about sourcing a conf file that's in a 700 dir?
Security through obscurity is little security indeed.
--
Peter Eisentraut Sernanders väg 10:115
peter_e@gmx.net 75262 Uppsala
http://yi.org/peter-e/ Sweden