An interesting question about embperl. I know a few people are
using it. I'm trying to set it up on a multiuser machine but I'm having
a security issue.
The start of most of my index.epl's look something like this
$data_source = "dbi:Pg:dbname=$db_name";
$username = "user";
$password = "password";
$dbh = DBI->connect($data_source, $username, $password) or die "Couldn't
connect to db $DBI::errstr";
now because the whole point of mod_perl, well one of them, is that there
is just one perl process it runs on my box as www-data. ie you can't do
any fancy su-exec stuff.
This means that index.epl who is say owned by user johnf has to be
-rw-r--r-- 1 stats stats 6458 Apr 7 12:52 index.epl
ie world readable so the webserver can open it. Hence the problem
everyone can see the db password.
The only way I can see around this is ti have a db.conf file with
username and password details in it. Which is owned by www-data and 600.
Problem with that is that then the users have to ask sysadmin to create
it for them everytime they change their password or else write a suid
script to do it for them.
Anyone have any other ideas on how to get around this?
I'm assuming things like php would have similar issues
--
John Ferlito
Senior Engineer - Bulletproof Networks
ph: +61 (0) 410 519 382
http://www.bulletproof.net.au/
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
