perl - Is a plain-text password in a CGI script a security hole?


I've read that things that can go wrong with a web server may lead to the display of PHP scripts as plain text files in a web browser; consequently I've moved my PHP scripts to a directory outside the web root. I've been wondering whether the same could happen to the CGI scripts in my cgi-bin.

My main concern is that one script contains the user name and password for the MySQL database. If that is a possible security hole (at least as far as the database content is concerned), is there a way of putting the sensitive data in a different location and getting it from there (like saving it in a file in a different directory and reading it from that file, for example)? My scripts are written in Perl, btw.

> I've read that things that can go wrong with a web server may lead to the display of PHP scripts as plain text files in a web browser; consequently I've moved my PHP scripts to a directory outside the web root. I've been wondering whether the same could happen to the CGI scripts in my cgi-bin.

Yes. If something goes wrong that causes the programs to be served instead of executed, any of the content will be exposed. It is the same issue as with PHP (except that, given the way cgi-bin directories are configured (i.e. aliased to a directory outside the web root), it is harder for the problems to occur).

> My main concern is that one script contains the user name and password for the MySQL database. If that is a possible security hole (at least as far as the database content is concerned), is there a way of putting the sensitive data in a different location and getting it from there (like saving it in a file in a different directory and reading it from that file, for example)?

Yes. For that, make sure the directory is outside the webroot.

For additional security, make sure the database only accepts the credentials for connections from the minimum set of hosts that need to access it. E.g. if the database is on the same server as the web server, only let the credentials work for localhost. Causing the database to listen only on the localhost network interface is a good idea in that case.

> My scripts are written in Perl, btw.

I'd look at using one of the Config::* modules for this.
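
The approach from the answer as an added example (not code from the original post): a Perl loader that reads the MySQL credentials from an INI file kept outside the web root, using Config::Tiny as one of the Config::* modules, and refuses a file that group or others can access. The `[database]` section, its key names and the sample values are assumptions constructed for the demo; a temp file stands in for the real path, and the file is assumed to be owned by the account the CGI script runs as.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Config::Tiny;               # one of the Config::* modules on CPAN
use Fcntl qw(:mode);            # S_IMODE, S_IRWXG, S_IRWXO
use File::Temp qw(tempfile);

# Read an INI-style credentials file, refusing it if group or others
# have any permission bits set on it.
sub load_db_credentials {
    my ($path) = @_;
    my @st = stat($path) or die "cannot stat $path: $!\n";
    die "$path must not be accessible by group or others\n"
        if S_IMODE($st[2]) & (S_IRWXG | S_IRWXO);

    my $cfg = Config::Tiny->read($path)
        or die "cannot parse $path: " . Config::Tiny->errstr . "\n";
    my $db = $cfg->{database} or die "$path has no [database] section\n";
    for my $key (qw(name user password)) {
        die "$path is missing '$key'\n" unless defined $db->{$key};
    }
    return $db;
}

# Constructed demo input: the temp file stands in for a file such as
# /etc/myapp/db.ini (hypothetical path outside the web root).
my ($fh, $file) = tempfile(UNLINK => 1);    # File::Temp creates it mode 0600
print {$fh} "[database]\nname=appdb\nuser=appuser\npassword=constructed-secret\n";
close $fh or die "close: $!\n";

my $db  = load_db_credentials($file);
# host=localhost matches an account that is only allowed to connect locally.
my $dsn = "DBI:mysql:database=$db->{name};host=localhost";
print "DSN: $dsn, user: $db->{user}\n";     # the password is never printed

# In the real CGI script the values would be passed straight to DBI:
#   DBI->connect($dsn, $db->{user}, $db->{password},
#                { RaiseError => 1, PrintError => 0 });

# Loosening the permissions makes the loader refuse the file.
chmod 0644, $file or die "chmod: $!\n";
print "world-readable file rejected\n"
    unless eval { load_db_credentials($file); 1 };
```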

