On Sun, Jul 29, 2012 at 07:37:17PM +1000, Nigel Sheridan-Smith wrote: > Furthermore, environmental variables are probably on-par security wise. > > For example, I believe... > > DATABASE_URI=mysql://foo:bar@localhost/myDatabase > > ... could be queried from the /proc directory on Linux, just like other > command line parameters for any running process once you have a shell > account on the box. You might want to see if that is the case first before > using that strategy.
/proc/$pid/environ is usually mode 0400 on Linux afaik, so only the user running the process or a root level user can read it. Malc -- You received this message because you are subscribed to the Google Groups "Ruby or Rails Oceania" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rails-oceania?hl=en.
