> > > Wouldn't it be possible to make this a httpd.conf configuration
> > > option?
> This assumes a few things:
>
> Situation 1: ISP manages httpd.conf, or
> Situation 2: Client has own httpd.conf
>
> Situation 1: The file should be editable/readable only by root. If the
> file is writeable by anyone else, you've got problems anyhow. If the
> file is readable by non-roots, the Midgard DB password is there in
> plaintext, so an intruder can just log into the mysql database directly
> and trash your site, no matter where the database is located.
> If someone cracks root on the machine I don't think you need to worry
> about them changing the httpd.conf :/
>
> Situation 2: If someone cracks your account and can change your own
> httpd.conf, setting MidgardEngine off, changing the documentroot,
> possibly using mod_rewrite, your site is 'changed' in an instant too.
> And your DB password is in plain view, so once again, the cracker can
> easily trash your content.
> So I think making the database non-configurable buys you very little
> security.

I know about this. But how to create reasonable solution in environments
where user should setup Apache options in configuration file (those
include various directives like MidgardParser, AddCharset,
DefaultCharset, etc)? You might say about .htaccess but not all those
options work in .htaccess - for example there are a couple of things that
should be set up directly in virtual host.

In this situation we could think about additional configuration file for
Midgard-lib where different combinations 'DRIVER/HOST/DATABASE' should be
defined together with name which will be used in httpd.conf then:

Imagine midgard-lib.conf is:
----8<-----
# Name       driver  host                   database            password
test         mysql   localhost:3306         midgard-test        midgard
production   oracle  10.18.11.144:port      midgard-production  super-puper-password
office       pgsql   client.intra.net:port  our-sales           internal-password
-----8<----

and in httpd.conf
-----8<----
MidgardDatabase test
or
MidgardDatabase production
-----8<----

Store midgard-lib.conf in safe location (built in into midgard-lib during
compilation), set needed rights and be happy?

--
Alexander

--
This is The Midgard Project's mailing list. For more information,
please visit the project's web site at http://www.midgard-project.org
