Re: [GENERAL] cgi with postgres
| From | Alfred Perlstein |
|---|---|
| Subject | Re: [GENERAL] cgi with postgres |
| Date | |
| Msg-id | 20000116131435.G508@fw.wintelcom.net |
| In response to | Re: [GENERAL] cgi with postgres (Peter Eisentraut <peter_e@gmx.net>) |
| List | pgsql-general |
* Peter Eisentraut <peter_e@gmx.net> [000116 09:30] wrote:
> On 2000-01-14, Alfred Perlstein mentioned:
>
> > > issue: how to secure cgi's that access postgres
> > >
> > > problem: passwords for postgres database are stored
> > > in plain text in scripts. (let's assume, perl,
> > > not a compiled language)
> > >
> > > points:
> > > make cgi dir 711
> > > big deal, they can get the name of the file
> > > from the web, and copy it.
> >
> > how about sourcing a conf file that's in a 700 dir?
>
> Security through obscurity is little security indeed.

I don't see how using the unix permissions as a form of ACL is
security through obscurity... or do you chmod 644 /etc/shadow on
your boxes?

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
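
The conf-file approach discussed in the message above, as an added example that is not part of the original post: Python (the thread assumes Perl) that loads database credentials only when both the conf file and its directory are owned by the running user with no group/other permission bits. The function names, the `db.conf` file name and the sample values are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

class InsecureConfigError(Exception):
    """Raised when the credentials file or its directory is too widely accessible."""

def _check_private(path):
    # lstat does not follow symlinks; a symlink's own mode normally has
    # group/other bits set, so a link planted at this path is rejected too.
    st = os.lstat(path)
    if st.st_uid != os.geteuid():
        raise InsecureConfigError(f"{path}: not owned by the CGI user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        raise InsecureConfigError(f"{path}: group/other bits set ({mode:o})")

def load_db_credentials(conf_path):
    """Parse key=value lines after verifying file and directory are owner-only."""
    conf_path = os.path.abspath(conf_path)
    _check_private(os.path.dirname(conf_path))   # the "700 dir"
    _check_private(conf_path)                    # the conf file itself
    creds = {}
    with open(conf_path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            key, sep, value = line.partition("=")
            if not sep:
                raise ValueError(f"malformed line in {conf_path}")
            creds[key.strip()] = value.strip()
    return creds

def demo():
    # Constructed sample: a 700 directory with a 600 conf file, then the
    # same directory loosened to 755 to show the refusal path.
    with tempfile.TemporaryDirectory() as base:
        private = os.path.join(base, "private")
        os.mkdir(private, 0o700)
        conf = os.path.join(private, "db.conf")
        fd = os.open(conf, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write("# constructed sample values\nuser=webapp\npassword=example-only\n")
        ok = load_db_credentials(conf)
        os.chmod(private, 0o755)   # directory now open to group/other
        try:
            load_db_credentials(conf)
            rejected = False
        except InsecureConfigError:
            rejected = True
        return ok, rejected
```

The check only helps when the CGI runs under a user that other local accounts cannot become; anything executing as that same user can still read the file.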