Shell script containing passwords.

[Lewis Thompson]

Hi,

I'm trying to write a script to use with the Apache auth plugin
mod_auth_any.  I have the whole setup working, bar the script that does
the authentication.

  I am worried that because the script must be read/writeable by the
Apache user (www) that anybody that can write a PHP script on my machine
can read the auth script and read the passwords that would be contained
within -- those to my MySQL server.

  Is there any way I can have a script that is not readable by a user,
while still allowing that user to execute it?  Maybe through using a
wrapper of some sort?  I do not have UFS2 so I cannot use ACLs.

  Any suggestions for this as I'm stumped.  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
------------------------------------------------------------------------
-| msn:purple at lewiz.net | jabber:lewiz at jabber.org | url:www.lewiz.org |-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040209/8414dece/attachment.bin