[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Cgi scripts allow browsing through virtual sites
- Subject: Re: [cobalt-users] Cgi scripts allow browsing through virtual sites
- From: "Carrie Bartkowiak" <ravencarrie@xxxxxxxx>
- Date: Tue May 8 15:16:03 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> Mysql is not to bad, you can set the from where the user will
connect and
> right of this user, only read should be the best but a database is
used
> especially when you want input from the outside world, so you will
probably
> have write right too..
Even with keeping stuff in MySQL databases you still have to watch
out, because the script has to have the username/password combo
*somewhere* in some file so it's allowed to access the database.
Anyone else on the machine can just browse around (with a CGI or PHP
script) until they find that file that the script is using, and
badda-bing!... they've got access to the database. :(
You mentioned that the .htaccess is disabled - this is easily fixed
with a change to the srm.conf file, unless you don't want to break
your warranty. (Or is it the access.conf file? I keep forgetting until
I actually get in there. One of those two.)
Next time, say your name so I know what to call you! *smile*
CarrieB