How to deal with #402010?
Cajus Pollmeier, 2008-04-04 09:18:37 +0200 :
> my position on this bug is written down in the bugtracker and I
> don't consider this a bug. Any opinions about what to do with it? It
> would apply to virtually any kind of web application accessing some
> kind of database/ldap passwords somewhere in the filesystem.

Depending on the web server, there may be a way around that problem.
The following works with Apache, at least, and I guess it can be
adapted to other servers as well.

The thing is to store the passwords or sensitive info in files that
are only readable by root, and have Apache read these files and export
the information selectively to some webapps and not others, by
wrapping the appropriate directives in VirtualHost (or similar)
blocks. Then it's a simple matter (ahem) of passing the info to the
webapp, and there are two ways to do that: with SetEnv (not ideal) or
with RequestHeader (probably better).

And it's so much cuter to be called an idiot in song...
-- in En chantant (Michel Sardou)
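
A sketch of the Apache setup described in the message above, as an added example that is not part of the original e-mail. The file paths, host names, header name and secret value are hypothetical, and mod_headers is assumed to be loaded.

```apache
# Constructed example: paths, host names, header name and the secret
# value are hypothetical placeholders.
#
# /etc/apache2/secrets/app-a.conf is owned by root:root with mode 0600.
# Apache parses its configuration as root before the workers drop
# privileges, so the worker user and the other webapps cannot read the
# file from the filesystem. It holds a single directive:
#
#   RequestHeader set X-App-DB-Password "constructed-placeholder-secret"
#
# The SetEnv variant of the same file would instead hold:
#
#   SetEnv APP_DB_PASSWORD "constructed-placeholder-secret"

<VirtualHost *:80>
    ServerName app-a.example.org
    DocumentRoot /var/www/app-a

    # Only this virtual host pulls in the secret. "RequestHeader set"
    # replaces any header of the same name sent by the client, so the
    # webapp only ever sees the value from the root-only file.
    Include /etc/apache2/secrets/app-a.conf
</VirtualHost>

<VirtualHost *:80>
    ServerName app-b.example.org
    DocumentRoot /var/www/app-b

    # No Include here: app-b is never handed app-a's credential.
    # Drop the header if a client supplies it, so app-b cannot be fed
    # a forged value under the same name.
    RequestHeader unset X-App-DB-Password
</VirtualHost>
```

After changing the secrets file, `apachectl configtest` checks that the include still parses before the server is reloaded.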