case of shared servers.
Regards
Rajeev
- Original Message -
From: "Curtis Poe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 05, 2001 11:53 PM
Subject: Re: Extened - Re: securing sensitive information in CGI scripts
> --- Rajeev Rumale &
--- Rajeev Rumale <[EMAIL PROTECTED]> wrote:
> I need to store some uploaded files from the "visitors" into some
> directories which are inside website root.
Rajeev,
Why do you need to store them there? If you can answer that for us, we can give you
much better
advice on how to secure it.
Che
This is a very different security question. Basically I think there are two
major classes of solution.
One is based on randomness and the other is based on a harder core ACL
check in the CGI itself and requires the CGI control access to the file
more tightly.
In Detail:
One way which isn't t
Hi all,
I actually combine both of these suggestions. I have my passwords stored
seperately. In fact, I tend to put ALL database functions in one perl module
or PHP include file outsite the docroot. It adds an extra level of
abstraction when I'm writing my CGI/PHP code. It also means that
Greetings to all,
This is really a good thread we have.
How ever as the title is not restricting to database security. I would like
to add my concern to it.
I need to store some uploaded files from the "visitors" into some
directories which are inside website root.
Since the files submited are
At 10:34 AM 9/4/2001 +, Mel Matsuoka wrote:
>At 07:20 PM 09/04/2001 +0100, yahoo wrote:
> >Hi all,
> >I'd like to find out peoples opinion on the following.
> >
> >If you have a perl cgi script which accesses a database, are there any
> >security issues with having the DBI connection details i
At 04:49 PM 09/04/2001 -0400, Lisa Nyman wrote:
>Hi,
>
>One thing to do is to be sure that the db user who accesses the db
>from a web page has properly restricted rights within the database.
>
>For example, in mysql, you can set table and column priveledges for each
>user and table.
This is a ve
Hi,
One thing to do is to be sure that the db user who accesses the db
from a web page has properly restricted rights within the database.
For example, in mysql, you can set table and column priveledges for each
user and table.
Lisa Wolfisch Nyman <[EMAIL PROTECTED]> IT Warrior Princess
"Life
At 07:20 PM 09/04/2001 +0100, yahoo wrote:
>Hi all,
>I'd like to find out peoples opinion on the following.
>
>If you have a perl cgi script which accesses a database, are there any
>security issues with having the DBI connection details in the perl script
>(rather than, say, an external file not
Hi all,
I'd like to find out peoples opinion on the following.
If you have a perl cgi script which accesses a database, are there any
security issues with having the DBI connection details in the perl script
(rather than, say, an external file not in the document root - is this
better?)?
What do
10 matches
Mail list logo
