Re: [GENERAL] cgi with postgres
From | Alfred Perlstein |
---|---|
Subject | Re: [GENERAL] cgi with postgres |
Date | |
Msg-id | 20000114145228.F508@fw.wintelcom.net |
In reply to | Re: [GENERAL] cgi with postgres (Jeff MacDonald <jeff@hub.org>) |
List | pgsql-general |
* Jeff MacDonald <jeff@hub.org> [000114 14:07] wrote:
> alfred, that seems like a very reasonable solution,
>
> in regard to the other chap's response, i'm not worried
> about web users anyway, cause they can't see the perl
> source. it's users on the system i'd like to protect
> against.

I'm not sure what you mean, but there is a problem, unless you
execute the scripts as a user other than the default cgi user then
you may run into problems because then people can craft a cgi and
run it through the server to gain access to the 700 dir, you'll
either need some sort of setuid (to a special user, not root) or
use some sort of cgiwrapper.

-Alfred

>
> On Fri, 14 Jan 2000, Alfred Perlstein wrote:
>
> > * Jeff MacDonald <jeff@hub.org> [000114 13:38] wrote:
> > > hey folks,
> > >
> > > this is a security issue i'd like to get some info
> > > on, i'm sure it's more with cgi than postgres, but
> > > heck.
> > >
> > > issue: how to secure cgi's that access postgres
> > >
> > > problem: passwords for postgres database are stored
> > >          in plain text in scripts. (let's assume, perl,
> > >          not a compiled language)
> > >
> > > points:
> > >   make cgi dir 711
> > >       big deal, they can get the name of the file
> > >       from the web, and copy it.
> >
> > how about sourcing a conf file that's in a 700 dir?
> >
> > >
> > >   set an obscure cgi script alias in apache
> > >       big deal, they can read the cgi conf file.
> > >
> > >   this is assuming they already have an account
> > >   on the machine, something that cannot be ruled
> > >   out.
> > >
> > > question in short: how to make perl accessing databases
> > >   more secure, so any jack can't modify a database.
> > >
> > > thanks in advance.
> > >
> > > Jeff MacDonald
> > > jeff@hub.org
> > >
> >
> > --
> > -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
> >
>
> Jeff MacDonald
> jeff@hub.org
>
> ===================================================================
> So long as the Universe had a beginning, we can suppose it had a
> creator, but if the Universe is completely self contained, having
> no boundary or edge, it would neither be created nor destroyed
> It would simply be.
> ===================================================================
>

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
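
The approach discussed in this thread, as an added example that is not part of either poster's message: a Perl CGI that reads its PostgreSQL credentials from a conf file in a 700 directory and refuses to run when it is executing as the shared web-server user or when the directory or file is not owned by its effective user and closed to group and other. The path, the `DBCONF` variable, the `key = value` file format and the list of shared account names are assumptions.

```perl
#!/usr/bin/perl
# Added example (not from the thread): load DB credentials from a private
# conf file only when the 700-directory protection is really in place.
use strict;
use warnings;
use Fcntl ':mode';
use File::Basename qw(dirname);

# Hypothetical path; the directory is expected to be mode 0700 and owned by
# the dedicated user this CGI runs as (setuid wrapper or cgiwrapper).
my $CONF = $ENV{DBCONF} || '/home/dbcgi/private/db.conf';
my $EUID = $>;    # effective uid of this process

sub check_private {
    my ($path, $want_dir) = @_;
    my @st = lstat($path) or die "cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];
    die "$path: is a symlink\n" if S_ISLNK($mode);
    die "$path: wrong file type\n"
        unless $want_dir ? S_ISDIR($mode) : S_ISREG($mode);
    die "$path: not owned by effective uid $EUID\n" unless $uid == $EUID;
    die sprintf("%s: mode %04o allows group/other access\n", $path, $mode & 07777)
        if $mode & (S_IRWXG | S_IRWXO);
}

sub load_db_conf {
    my ($file) = @_;
    check_private(dirname($file), 1);    # the 700 directory
    check_private($file, 0);             # the conf file itself
    open(my $fh, '<', $file) or die "cannot open $file: $!\n";
    my %conf;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#|$)/;  # skip comments and blank lines
        $conf{$1} = $2 if $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/;
    }
    close $fh;
    for my $key (qw(dbname user password)) {
        die "$file: missing '$key'\n" unless defined $conf{$key};
    }
    return \%conf;
}

# If this runs as the shared CGI user, any local user's CGI can read the
# same directory, so stop here (account names are assumed examples).
my $running_as = getpwuid($EUID) // '';
die "running as shared user '$running_as'; use a setuid wrapper\n"
    if grep { $running_as eq $_ } qw(nobody www www-data apache);

my $conf = load_db_conf($CONF);
print "Content-Type: text/plain\n\nloaded credentials for '$conf->{dbname}'\n";
```

The loaded values would then be handed to the database connection call; the password never appears in the script source that other local users can copy.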