Re: [GENERAL] cgi with postgres

2000-01-16 Thread Ron Chmara
Alfred Perlstein wrote: > * Ron Chmara <[EMAIL PROTECTED]> [000116 16:18] wrote: Snip_> Of security items. > All these options don't take into account that perhaps you don't > want people _on the same box_ Well, I assumed that web clients, using cgi, was the "Subject:", so I didn't address

Re: [GENERAL] cgi with postgres

2000-01-16 Thread Alfred Perlstein
* Ron Chmara <[EMAIL PROTECTED]> [000116 16:18] wrote: > Peter Eisentraut wrote: > > > > On 2000-01-14, Alfred Perlstein mentioned: > > > > > > issue: how to secure cgi's that access postgres > > > > > > > > problem: passwords for postgres database are stored > > > > in plain text in scrip

Re: [GENERAL] cgi with postgres

2000-01-16 Thread Ron Chmara
Peter Eisentraut wrote: > > On 2000-01-14, Alfred Perlstein mentioned: > > > > issue: how to secure cgi's that access postgres > > > > > > problem: passwords for postgres database are stored > > > in plain text in scripts. (let's assume, perl, > > > not a compiled language) > > > > >

Re: [GENERAL] cgi with postgres

2000-01-16 Thread Alfred Perlstein
* Peter Eisentraut <[EMAIL PROTECTED]> [000116 09:30] wrote: > On 2000-01-14, Alfred Perlstein mentioned: > > > > issue: how to secure cgi's that access postgres > > > > > > problem: passwords for postgres database are stored > > > in plain text in scripts. (let's assume, perl, > > >

Re: [GENERAL] cgi with postgres

2000-01-16 Thread Peter Eisentraut
On 2000-01-14, Alfred Perlstein mentioned: > > issue: how to secure cgi's that access postgres > > > > problem: passwords for postgres database are stored > > in plain text in scripts. (let's assume, perl, > > not a compiled language) > > > > points: > > make cgi dir 711 > >

Re: [GENERAL] cgi with postgres

2000-01-16 Thread Peter Eisentraut
On 2000-01-14, The Hermit Hacker mentioned: > Side point ... why isn't the apache conf file secure? Only user root > needs to be able to read it, no? Huh? You run apache as root? -- Peter Eisentraut Sernanders väg 10:115 [EMAIL PROTECTED] 75262 Uppsala http:

Re: [GENERAL] cgi with postgres

2000-01-14 Thread The Hermit Hacker
On Fri, 14 Jan 2000, Jeff MacDonald wrote: > hey folks, > > this is a security issue i'd like to get some info > on, i'm sure it's more with cgi than postgres, but > heck. > > issue: how to secure cgi's that access postgres > > problem: passwords for postgres database are stored > in pl

Re: [GENERAL] cgi with postgres

2000-01-14 Thread Alfred Perlstein
* Jeff MacDonald <[EMAIL PROTECTED]> [000114 14:07] wrote: > alfred, that seems like a very reasonable solution, > > in regard to the other chap's response, i'm not worried > about web users anyway, cause they can't see the perl > source. it's users on the system i'd like to protect > against. I'

Re: [GENERAL] cgi with postgres

2000-01-14 Thread Jeff MacDonald
alfred, that seems like a very reasonable solution, in regard to the other chap's response, i'm not worried about web users anyway, cause they can't see the perl source. it's users on the system i'd like to protect against. On Fri, 14 Jan 2000, Alfred Perlstein wrote: > * Jeff MacDonald <[EMAIL

Re: [GENERAL] cgi with postgres

2000-01-14 Thread Mike Mascari
Jeff MacDonald wrote: > > hey folks, > > this is a security issue i'd like to get some info > on, i'm sure it's more with cgi than postgres, but > heck. > > issue: how to secure cgi's that access postgres > > problem: passwords for postgres database are stored > in plain text in scripts.

Re: [GENERAL] cgi with postgres

2000-01-14 Thread Alfred Perlstein
* Jeff MacDonald <[EMAIL PROTECTED]> [000114 13:38] wrote: > hey folks, > > this is a security issue i'd like to get some info > on, i'm sure it's more with cgi than postgres, but > heck. > > issue: how to secure cgi's that access postgres > > problem: passwords for postgres database are store

Re: [GENERAL] cgi with postgres

2000-01-14 Thread Peter L. Berghold
On Fri, Jan 14, 2000 at 04:55:02PM -0400, Jeff MacDonald wrote: > this is a security issue i'd like to get some info > on, i'm sure it's more with cgi than postgres, but > heck. > First off, if the server is set up correctly a casual user should not be able to browse the cgi-bin directory and s

[GENERAL] cgi with postgres

2000-01-14 Thread Jeff MacDonald
hey folks, this is a security issue i'd like to get some info on, i'm sure it's more with cgi than postgres, but heck. issue: how to secure cgi's that access postgres problem: passwords for postgres database are stored in plain text in scripts. (let's assume, perl, not a compiled la