Shell script containing passwords.
Lewis Thompson
purple at lewiz.net
Tue Feb 10 08:05:25 PST 2004
On Tue, Feb 10, 2004 at 03:56:08PM +0000, Peter Risdon wrote:
> Lewis Thompson wrote:
> > I am worried that because the script must be read/writeable by the
> >Apache user (www) that anybody that can write a PHP script on my machine
> >can read the auth script and read the passwords that would be contained
> >within -- those to my MySQL server.
> All you can do really is store the passwords themselves in an include
> file that you put in the most secure place possible, preferably not in
> webspace. But I imagine you have this covered.
Yeah, but this is really security through obscurity, not something I'm
keen on ;)
> > Is there any way I can have a script that is not readable by a user,
> >while still allowing that user to execute it? Maybe through using a
> >wrapper of some sort? I do not have UFS2 so I cannot use ACLs.
> >
> >
> Not that I know of, but have you considered compiling apache with
> suexec? Assuming your other users have seperate logins, this might work.
> You can have apache execute scripts as the appropriate user, not www.
> That way, a 700 permission should prevent other users from reading your
> scripts.
I read some stuff about this. I got the impression it required using
PHP as a CGI, instead of mod_php. Am I wrong in thinking this? The
overhead of using PHP as CGI is a little too high because the server is
already pretty stretched...
Thanks very much,
-lewiz.
--
I was so much older then, I'm younger than that now. --Bob Dylan, 1964.
------------------------------------------------------------------------
-| msn:purple at lewiz.net | jabber:lewiz at jabber.org | url:www.lewiz.org |-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040210/7ac62d87/attachment.bin
More information about the freebsd-questions
mailing list