Hello.
On Thu 2002-12-26 at 09:26:09 -0500, [EMAIL PROTECTED] wrote:
> i would try using php to have you page connect to the mysql database.. The code gets
>parsed
> first then is loaded into the browser...so the user & pass for the database is never
>seen.. i
> would use something like:
>
> $db = mysql_connect("localhost", "mysql-user", "mysql-user-password");
> mysql_select_db("whatever-database-name",$db);
Huh? How does this differ from the original problem with Perl? The
script has to be world-readable in order to allow the web server
account to read it in[1] and therefore anyone with shell access or access
to write CGI scripts can read it.
Bye,
Benjamin
[1] in the scenary presented by the original poster.
[...]
> > On Wed 2002-12-25 at 13:15:58 +0200, [EMAIL PROTECTED] wrote:
> > > Hi all,
> > >
> > > I want to make a CGI program in Perl that queries a MySQL database, and the
> > > problem is that I need to write the password for the database in the program
> > > and this password can be seen by any user that has an account on that
> > > server.
> > >
> > > I need to gave 755 permissions to CGI scripts because they need to be
> > > executed by the web server account, and not by my account.
> > >
> > > Do you have any tips for hiding the password,
> >
> > Not really. Whereever you put it, the web server account has be able
> > to access it, so the problem stays. Even if you could arrange that
> > only the web server account can read it (e.g. by changing the owner of
> > a file containing the password), every user with permission to create
> > CGI scripts can still write a script to read the data.
[...]
--
[EMAIL PROTECTED]
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
