Re: MySQL Security

William R. Mussatto Wed, 04 Apr 2001 09:58:18 -0700
Apache can be set to run your cgi as you user which means that it could 
be set world unreadable I think.

On Wed, 4 Apr 2001, Taing Nguon wrote:

> Date: Wed, 4 Apr 2001 07:14:33 +0700
> From: Taing Nguon <[EMAIL PROTECTED]>
> To: "William R. Mussatto" <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: MySQL Security
> 
> > Make sure that the files are not world readable.
> 
>     In Linux system, In order to run CGI in PERL script, that perl script
> must be 755. It is read by any users and Perl is written in text format, so
> Its is easy to know user and password of MYSQL. How do you think about
> this?Need More HELP!!!!
> 
> Million of thanks
> 
> Regards
> Taing Nguon
> 
> 
> > On Tue, 3 Apr 2001, Taing Nguon wrote:
> >
> > > Date: Tue, 3 Apr 2001 09:52:30 +0700
> > > From: Taing Nguon <[EMAIL PROTECTED]>
> > > To: [EMAIL PROTECTED]
> > > Subject: MySQL Security
> > >
> > > Dear sir or madam
> > >
> > >     MySQL user's account is not related to user's account on Linux =
> > > System, so they can be different.
> > >
> > > My problem is that I use perl DBI to interact MySQL server as belows:
> > >
> > > ------
> > > use DBI;
> > > $dbh =3D DBI->connect("DBI:mysql:DatabaseName","$user","$password");
> > >
> > > -------
> > >
> > > So $user and $password can be known by any users in Linux system because
> =
> > >  they are written in text format and DataBase can be changed or updated
> =
> > > by other users in Linux system easily by using Perl DBI. Is there any =
> > > way to prevent Database from being changed? Millon of thanks!!!!
> > >
> > >
> > > Regards
> > >
> > > Taing Nguon
> > >
> > >
> > >
> >
> > Sincerely,
> >
> > William Mussatto, Senior Systems Engineer
> > CyberStrategies, Inc
> > ph. 909-920-9154 ext. 27
> >
> 
> 
> 
> ---------------------------------------------------------------------
> Before posting, please check:
>    http://www.mysql.com/manual.php   (the manual)
>    http://lists.mysql.com/           (the list archive)
> 
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
> 

Sincerely,

William Mussatto, Senior Systems Engineer
CyberStrategies, Inc
ph. 909-920-9154 ext. 27


---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL Security

Reply via email to
