Re: [GENERAL] cgi with postgres
| От | Peter Eisentraut |
|---|---|
| Тема | Re: [GENERAL] cgi with postgres |
| Дата | |
| Msg-id | Pine.LNX.4.21.0001152014020.386-100000@localhost.localdomain обсуждение исходный текст |
| Ответ на | Re: [GENERAL] cgi with postgres (Alfred Perlstein <bright@wintelcom.net>) |
| Ответы |
Re: [GENERAL] cgi with postgres
|
| Список | pgsql-general |
On 2000-01-14, Alfred Perlstein mentioned: > > issue: how to secure cgi's that access postgres > > > > problem: passwords for postgres database are stored > > in plain text in scripts. (lets assume, perl, > > not a compiled language) > > > > points: > > make cgi dir 711 > > big deal, they can get the name of the file > > from the web, and copy it. > > how about sourcing a conf file that's in a 700 dir? Security through obscurity is little security indeed. -- Peter Eisentraut Sernanders väg 10:115 peter_e@gmx.net 75262 Uppsala http://yi.org/peter-e/ Sweden
В списке pgsql-general по дате отправления: