| From: | "Andrew J(dot) Kopciuch" <akopciuch(at)bddf(dot)ca> |
|---|---|
| To: | "Cody Phanekham" <Cody(dot)Phanekham(at)salmat(dot)com(dot)au>, <pgsql-php(at)postgresql(dot)org> |
| Subject: | Re: Securing PHP scripts |
| Date: | 2003-08-19 06:49:05 |
| Message-ID: | 200308190049.05680.akopciuch@bddf.ca |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-php |
On Monday 18 August 2003 21:08, Cody Phanekham wrote:
> I should of mentioned that the server is a dedicated PHP / PostgreSQL
> server, therefore no other user would have access to it.
>
> My only concern is *if* the server gets compromised, then the attacker
> would have access to the DB without too much effort.
>
If by "comprimised" you mean rooted, then the attacker can do whatever they
like on the system anyways. If someone has root on a box ... they have
access to the DB ... with or without a password to begin with.
Andy
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gerd Terlutter | 2003-08-19 08:05:55 | Re: Authentication Failure with pg_pconnect |
| Previous Message | Cody Phanekham | 2003-08-19 03:08:46 | Re: Securing PHP scripts |