On Sunday, March 2, 2003, at 09:18 AM, Wizard wrote:
I've got a script which reads a config file to get a database username and
password, among other things. What should the permissions be so that the
cgi script running on the web server can read the file, but
random users on
the system can't? Is this the best way for the script to get
sensitive info
like that?
I'd suggest that you store the password encrypted using crypt, and then when
the user enters the password, encrypt it and then compare the two. That way
you don't have any cleartext passwords lying around.
I think the OP meant a way to store the database connection password itself (which the CGI scripts must use in order to make database connections), so that the CGI can access the DB.
Erik
-- Erik Price
email: [EMAIL PROTECTED] jabber: [EMAIL PROTECTED]
_______________________________________________ Boston-pm mailing list [EMAIL PROTECTED] http://mail.pm.org/mailman/listinfo/boston-pm
