Well, I guess the best solution would be to use a Windows server. Teddy, Teddy's Center: http://teddy.fcc.ro/ Email: [EMAIL PROTECTED]
----- Original Message ----- From: "Benjamin Pflugmann" <[EMAIL PROTECTED]> To: "Octavian Rasnita" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, December 25, 2002 8:39 PM Subject: Re: Hiding the password Hello. On Wed 2002-12-25 at 13:15:58 +0200, [EMAIL PROTECTED] wrote: > Hi all, > > I want to make a CGI program in Perl that queries a MySQL database, and the > problem is that I need to write the password for the database in the program > and this password can be seen by any user that has an account on that > server. > > I need to gave 755 permissions to CGI scripts because they need to be > executed by the web server account, and not by my account. > > Do you have any tips for hiding the password, Not really. Whereever you put it, the web server account has be able to access it, so the problem stays. Even if you could arrange that only the web server account can read it (e.g. by changing the owner of a file containing the password), every user with permission to create CGI scripts can still write a script to read the data. > or accessing MySQL from CGI scripts is not secure at all? Well, it is as secure as the server is set up. E.g. one can set up Apache so that it executes CGIs as the user to whom the script belongs. I know this has its own problems... it was only intended as example that it is a question of the server configuration. The "best" way is always a compromise and depends on how the server is used. If the server configuration is not in your hands, I don't there is much you can do, except asking the admin which way she suggests. HTH, Benjamin. -- [EMAIL PROTECTED] --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
