List:General Discussion« Previous MessageNext Message »
From:Paul DuBois Date:October 1 1999 3:57pm
Subject:Re: Security in Perl/CGI
View as plain text  
At 10:14 AM -0500 10/1/99, Christopher R. Jones wrote:
>I will be developing a WEB application that allows users to create new
>MySQL databases.  I think there are two possible scenarios:
>1.  SU adds new users to mysql and the user can then create database.
>2.  SU creates new database giving user access to select, insert, delete.
>
>I am concerned about hiding the SU user_id and password in the CGI scripts.
>For example, a CGI script contains something like:
>my $db = "buildings";
>my $user = "cjones";
>my $password = "spikeo";
>my $hostname = "";
>
>Any ideas?

Are you using Apache?  One possibility would be to use Apache's suEXEC
mechanism to run the script as a particular UNIX user, then have your
script read the params from a file that is accessible only to that
user.

--
Paul DuBois, paul@stripped
Thread
Security in Perl/CGIChristopher R. Jones1 Oct
  • Re: Security in Perl/CGIMartin Ramsch1 Oct
  • Re: Security in Perl/CGIPaul DuBois1 Oct