Yup, so, I guess my setup is a little off-key. *Engage sheepish mode* Turns out the admins for my system have apache in a development group, which all my files belong to, with 751 permissions. So, yeah, other users can't read the password per se.... but its obviously not what I thought it was. Ah well. I figured that out right after I sent out my last email... turns out 511 didn't work (551 did, of course).
Sorry! =] Nick Elliott ----- Original Message ----- From: "Mark" <[EMAIL PROTECTED]> To: "Nicholas Elliott" <[EMAIL PROTECTED]> Cc: "Octavian Rasnita" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, December 26, 2002 11:26 AM Subject: Re: Hiding the password > > ----- Original Message ----- > From: "Nicholas Elliott" <[EMAIL PROTECTED]> > To: "Mark" <[EMAIL PROTECTED]> > Cc: "Octavian Rasnita" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Thursday, December 26, 2002 5:09 PM > Subject: Re: Hiding the password > > > > I chmod 511, on a CGI script owned by me. My username has access to > > read the source code, and apache can run the cgi script, but other users > > on the server cannot read the source themselves (minus root, etc). > > I am getting more curious by the minute. :) > > Assuming, for the argument, your username is "me", and your web-daemon is > not running as "me", then how will your web-daemon read from the CGI to > extract the shebang line? I do not see how this can be done. > > And, like I said, if your web-daemon can read from the CGI, so can everyone > else who can "run" web-pages on your server. > > - Mark mysql, query --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
