At 10:14 AM -0500 10/1/99, Christopher R. Jones wrote:
>I will be developing a web application that allows users to create new
>MySQL databases. I think there are two possible scenarios:
>1. SU adds new users to mysql and the user can then create a database.
>2. SU creates a new database, giving the user access to select, insert, delete.
>I am concerned about hiding the SU user_id and password in the CGI scripts.
>For example, a CGI script contains something like:
>my $db = "buildings";
>my $user = "cjones";
>my $password = "spikeo";
>my $hostname = "";

Are you using Apache? One possibility would be to use Apache's suEXEC
mechanism to run the script as a particular UNIX user, then have your
script read the params from a file that is accessible only to that

Paul DuBois, paul@stripped
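
An added illustration of the approach suggested in the reply above (not part of the original message, and not code from either poster): a Perl loader that a CGI script running under suEXEC could use to read its connection parameters, refusing the file unless it is owned by the running user and closed to group and other. The file path and the `key = value` file format are assumptions made for this example.

```perl
#!/usr/bin/perl
# Added example: load MySQL connection parameters from a file that only
# the suEXEC user can read, instead of hard-coding them in the script.
use strict;
use warnings;
use Fcntl qw(:mode);

# Hypothetical path: outside the document root, owned by the suEXEC user, mode 0600.
my $PARAM_FILE = '/home/cjones/private/db.params';

sub load_db_params {
    my ($path) = @_;

    # Open first, then stat the handle, so the checks apply to the file
    # actually being read (no check-then-open race).
    open(my $fh, '<', $path) or die "cannot open $path: $!\n";
    my @st = stat($fh) or die "cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];

    die "$path is not a regular file\n" unless S_ISREG($mode);
    # Under suEXEC the effective UID ($>) is that of the script's owner.
    die "$path is not owned by the running user\n" unless $uid == $>;
    # Refuse the file if group or other have any access bits set.
    die sprintf("%s has unsafe mode %04o; expected 0600 or stricter\n",
                $path, $mode & 07777)
        if $mode & (S_IRWXG | S_IRWXO);

    my %p;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(?:#|$)/;    # skip comments and blank lines
        my ($k, $v) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/
            or die "malformed line $. in $path\n";
        $p{$k} = $v;
    }
    close($fh);

    for my $need (qw(db user password)) {
        die "missing '$need' in $path\n" unless defined $p{$need};
    }
    $p{hostname} = '' unless defined $p{hostname};
    return \%p;
}

# These values replace the hard-coded "my $db = ...; my $user = ...;" lines.
my $p = load_db_params($PARAM_FILE);
my ($db, $user, $password, $hostname) = @{$p}{qw(db user password hostname)};
```

The `die` messages go to the web server's error log rather than the browser, and none of them includes the password.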