On Sun, Dec 14, 2008 at 09:45:50AM -0500, Aryeh Gregor wrote:
On Sun, Dec 14, 2008 at 4:08 AM, Bryan Tong Minh bryan.tongminh@gmail.com wrote:
It would of course be a good idea, but any PHP(f) file that is world readable and has passwords in it is inherently a security leak.
So how do you store your passwords, such that the web server can read them to connect to the database but can't read them to serve the files containing the passwords?
The answer, which someone else already pointed out, is to put the password-containing files outside your personal web directory, such as in your ~/.my.cnf file, and set them so that only you can read them. Your cgi scripts run as your user id, not the webserver's user id.
I'm certain that this sort of UNIXy file security is a mystery to many users, so it ought to be documented somewhere. But, lacking that, here are a couple of rules of thumb:
1) Never put a password directly in a cgi script. Make the script read passwords from some other dedicated configuration file.
2) Never assume that the source code of your cgi scripts is secret or secure.
3) Don't use your personal wiki password from your cgi scripts - make a separate account.
A side benefit of 1-2 is that it makes sharing your source code much easier. You don't run the risk of accidentally committing into svn a version of your code with a password in it. And you don't have to edit the code to hide the password when you send the code to someone else.
- Carl
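One way to apply rules 1 and 2 from Carl's reply in a CGI script, as an added example that is not part of this thread: the script reads the database user and password from a ~/.my.cnf-style option file, refuses to run if the file is group- or world-readable, and checks that the file does not sit under the web-served directory. The sample file contents, the `public_html` web root and the helper names are assumptions for the demo.

```python
import configparser
import os
import stat
import tempfile
from pathlib import Path


class InsecureCredentialFile(Exception):
    """Raised when the credentials file could be read by other accounts."""


def load_db_credentials(path, section="client"):
    """Read user/password from a MySQL-style option file (e.g. ~/.my.cnf).

    Refuses if the file has any group or other permission bits set, so a
    script cannot silently keep working against a file that is effectively
    public (rule 1: password in a dedicated file, not in the script).
    """
    path = Path(path).expanduser()
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise InsecureCredentialFile(f"{path} is group/world accessible; chmod 600 it")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    return parser[section]["user"], parser[section]["password"]


def is_outside_web_root(path, web_root):
    """True if the credentials file is not inside the web-served tree
    (rule 2: assume anything under the web root may be served verbatim)."""
    path = Path(path).expanduser().resolve()
    web_root = Path(web_root).expanduser().resolve()
    return path != web_root and web_root not in path.parents


def demo():
    """Constructed sample: a temp dir standing in for $HOME; no real account."""
    home = Path(tempfile.mkdtemp())
    cnf = home / ".my.cnf"
    cnf.write_text("[client]\nuser = example_tool\npassword = not-a-real-password\n")
    os.chmod(cnf, 0o644)  # the weak setting: world-readable
    try:
        load_db_credentials(cnf)
        weak_rejected = False
    except InsecureCredentialFile:
        weak_rejected = True
    os.chmod(cnf, 0o600)  # the corrected setting: owner only
    creds = load_db_credentials(cnf)
    return weak_rejected, creds, is_outside_web_root(cnf, home / "public_html")
```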