Re: Securing PHP scripts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, 19 Aug 2003, Cody Phanekham wrote:

> I should of mentioned that the server is a dedicated PHP / PostgreSQL 
> server, therefore no other user would have access to it.
> 
> My only concern is *if* the server gets compromised, then the attacker 
> would have access to the DB without too much effort.

If the server gets compromised, you've lost.  If they just get to execute 
arbitrary code as the httpd user, you've lost, if they can execute 
arbitrary code as root you've doubly lost.

Unless youre system is designed for anonymous database access to be 
secure, you can't really protect it from a rogue web server.



[Index of Archives]     [Postgresql General]     [Postgresql Admin]     [PHP Users]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Backpacking]     [Postgresql Jobs]

  Powered by Linux