I chmod 511, on a CGI script owned by me. My username has access to read the source code, and apache can run the cgi script, but other users on the server cannot read the source themselves (minus root, etc).
The original question was, > I want to make a CGI program in Perl that queries a MySQL database, and the > problem is that I need to write the password for the database in the program > and this password can be seen by any user that has an account on that > server. > > I need to gave 755 permissions to CGI scripts because they need to be > executed by the web server account, and not by my account. Maybe I do have a strange setup on my server, but I don't need to set my permissions to 755 to allow apache to excecute a file owned by me. 711/511 will work, while preventing "any user that has an account on that server" from seeing the password. Nick Elliott ----- Original Message ----- From: "Mark" <[EMAIL PROTECTED]> To: "Nicholas Elliott" <[EMAIL PROTECTED]>; "Benjamin Pflugmann" <[EMAIL PROTECTED]>; "Brent Bailey" <[EMAIL PROTECTED]> Cc: "Octavian Rasnita" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, December 26, 2002 10:56 AM Subject: Re: Hiding the password > ----- Original Message ----- > From: "Nicholas Elliott" <[EMAIL PROTECTED]> > To: "Benjamin Pflugmann" <[EMAIL PROTECTED]>; "Brent Bailey" > <[EMAIL PROTECTED]> > Cc: "Octavian Rasnita" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Thursday, December 26, 2002 4:17 PM > Subject: Re: Hiding the password > > > > Does the CGI-script need to be world-readable, or just world- > > executable? All my perl CGI scripts are set up that way, so while > > anyone can run it, only I can read the source code.... > > > What manner of http daemon do you have running that allows "chmod 111" Perl > CGI scripts to run? At the very least, the shebang-line needs to be read > from the CGI. I tested it, and my test-CGI, according to my expectation, > gives a "Permission denied" on a chmod 111 script. And I would be more > worried if it behaved differently. > > And if you set ownership to the the Perl scripts to the "nobody" user (and > run "chmod 551", for instance), then still everyone with access to running > pages on your web-daemon, will also have read-access to your Perl CGI > scripts. > > Or am I missing something? > > - Mark --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
