On Thu, 28 Feb 2013 17:02:37 +0000 Tom Evans <tevans.uk@xxxxxxxxxxxxxx> wrote: > >> I think the password for the user that connects to the DB should > >> also be declared here like: > > > > I have two problems with that. I don't know all of my user's > > passwords and I don't want to store clear text passwords in the > > configs. > > I think you're going to have great difficulties getting Apache to > query a database you cannot supply the credentials for.. Well, it already does that just fine with identd. The user scripts, running as the user thanks to suExec, open and query their own database just fine. It's only the dbd auth that doesn't work. > Can you not create a specific role user that can access each user's You mean a superuser account? > DB. That way, you would not need to specify their password in the conf > file, just your role users password. The conf file can also be only > readable by root for on disk security. Config files are managed with SVN so copies sit around in many places. I am just a little disappointed that Apache goes through all the trouble of supplying suExec and locking it down so well and yet it still requires that I store passwords on disk or make passwords (even encrypted) world readable. Similar issue with mod_php. Even though the site runs as the user, mod_php still runs as nobody so data files need to be world writable. -- D'Arcy J.M. Cain System Administrator, Vex.Net http://www.Vex.Net/ IM:darcy@xxxxxxx Voip: sip:darcy@xxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|