Hello. On Thu 2002-12-26 at 09:26:09 -0500, [EMAIL PROTECTED] wrote: > i would try using php to have you page connect to the mysql database.. The code gets >parsed > first then is loaded into the browser...so the user & pass for the database is never >seen.. i > would use something like: > > $db = mysql_connect("localhost", "mysql-user", "mysql-user-password"); > mysql_select_db("whatever-database-name",$db);
Huh? How does this differ from the original problem with Perl? The script has to be world-readable in order to allow the web server account to read it in[1] and therefore anyone with shell access or access to write CGI scripts can read it. Bye, Benjamin [1] in the scenary presented by the original poster. [...] > > On Wed 2002-12-25 at 13:15:58 +0200, [EMAIL PROTECTED] wrote: > > > Hi all, > > > > > > I want to make a CGI program in Perl that queries a MySQL database, and the > > > problem is that I need to write the password for the database in the program > > > and this password can be seen by any user that has an account on that > > > server. > > > > > > I need to gave 755 permissions to CGI scripts because they need to be > > > executed by the web server account, and not by my account. > > > > > > Do you have any tips for hiding the password, > > > > Not really. Whereever you put it, the web server account has be able > > to access it, so the problem stays. Even if you could arrange that > > only the web server account can read it (e.g. by changing the owner of > > a file containing the password), every user with permission to create > > CGI scripts can still write a script to read the data. [...] -- [EMAIL PROTECTED] --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php