
Re: How to deal with #402010?



Cajus Pollmeier, 2008-04-04 09:18:37 +0200 :

> Hi,
>
> my position to this bug is written down in the bugtracker and I
> don't consider this a bug. Any opinions about what to do with it? It
> would apply to virtually any kind of web application accessing some
> kind of database/ldap passwords somewhere in the filesystem.

Depending on the web server, there may be a way around that problem.
The following works with Apache, at least, and I guess it can be
adapted to other servers as well.

  The thing is to store the passwords or sensitive info in files that
are only readable by root, and have Apache read these files and export
the information selectively to some webapps and not others, by
wrapping the appropriate directives in VirtualHost (or similar)
blocks.  Then it's a simple matter (ahem) of passing the info to the
webapp, and there are two ways to do that: with SetEnv (not ideal) or
with RequestHeader (probably better).

Roland.
-- 
Roland Mas

And it's so much cuter to be called an idiot in a song...
  -- in En chantant (Michel Sardou)
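
The setup described in the message above, sketched as an added example that is not part of the original post. File paths, host names, the header and variable names, and the secret value are all constructed placeholders. It assumes mod_headers (for RequestHeader) and mod_env (for SetEnv) are loaded.

```apache
# --- File 1: /etc/apache2/secrets/app1.conf (constructed path) ---
# Owner root:root, mode 0600. The Apache parent process parses its
# configuration as root at startup, so it can read this file while
# the unprivileged worker user and other local accounts cannot.

# Variant the post calls "probably better": inject a request header.
# "set" replaces any header of the same name sent by the client.
RequestHeader set X-App-Db-Password "constructed-example-secret"

# Variant the post calls "not ideal": an environment variable.
# SetEnv APP_DB_PASSWORD "constructed-example-secret"

# --- File 2: /etc/apache2/sites-available/apps.conf (constructed path) ---
<VirtualHost *:80>
    ServerName app1.example.org
    DocumentRoot /var/www/app1
    # Only this virtual host pulls in the secret.
    Include /etc/apache2/secrets/app1.conf
</VirtualHost>

<VirtualHost *:80>
    ServerName app2.example.org
    DocumentRoot /var/www/app2
    # No Include here, so app2 never receives the credential.
    # Drop any client-supplied copy so app2 cannot be fed a forged value.
    RequestHeader unset X-App-Db-Password
</VirtualHost>
```

With the RequestHeader variant, a CGI or PHP application in app1 sees the value as `HTTP_X_APP_DB_PASSWORD`. Check the file with `stat -c '%U:%G %a'` after deployment to confirm it is still `root:root 600`.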

