Does the CGI-script need to be world-readable, or just world-executable? All my perl CGI scripts are set up that way, so while anyone can run it, only I can read the source code....
----- Original Message ----- From: "Benjamin Pflugmann" <[EMAIL PROTECTED]> To: "Brent Bailey" <[EMAIL PROTECTED]> Cc: "Octavian Rasnita" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, December 26, 2002 9:38 AM Subject: Re: Hiding the password > Hello. > > On Thu 2002-12-26 at 09:26:09 -0500, [EMAIL PROTECTED] wrote: > > i would try using php to have you page connect to the mysql database.. The code gets parsed > > first then is loaded into the browser...so the user & pass for the database is never seen.. i > > would use something like: > > > > $db = mysql_connect("localhost", "mysql-user", "mysql-user-password"); > > mysql_select_db("whatever-database-name",$db); > > Huh? How does this differ from the original problem with Perl? The > script has to be world-readable in order to allow the web server > account to read it in[1] and therefore anyone with shell access or access > to write CGI scripts can read it. > > Bye, > > Benjamin > > > [1] in the scenary presented by the original poster. > > > [...] > > > On Wed 2002-12-25 at 13:15:58 +0200, [EMAIL PROTECTED] wrote: > > > > Hi all, > > > > > > > > I want to make a CGI program in Perl that queries a MySQL database, and the > > > > problem is that I need to write the password for the database in the program > > > > and this password can be seen by any user that has an account on that > > > > server. > > > > > > > > I need to gave 755 permissions to CGI scripts because they need to be > > > > executed by the web server account, and not by my account. > > > > > > > > Do you have any tips for hiding the password, > > > > > > Not really. Whereever you put it, the web server account has be able > > > to access it, so the problem stays. Even if you could arrange that > > > only the web server account can read it (e.g. by changing the owner of > > > a file containing the password), every user with permission to create > > > CGI scripts can still write a script to read the data. > [...] > > -- > [EMAIL PROTECTED] > > --------------------------------------------------------------------- > Before posting, please check: > http://www.mysql.com/manual.php (the manual) > http://lists.mysql.com/ (the list archive) > > To request this thread, e-mail <[EMAIL PROTECTED]> > To unsubscribe, e-mail <[EMAIL PROTECTED]> > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php