You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Jason Levine <sp...@queso.com> on 2004/09/08 04:10:56 UTC

Hiding SQL password?

Is there any way to hide the SQL database password from users?  Currently,
it's plaintext in the local.cf file, a file that has to be world-readable
in order for users to be able to use the spamassassin client in an setuid
environment.  (Thus, setting the file to disallow world reading results in
users not being able to read in the site-wide configuration, which sorta
defeats the purpose!)

Is there some other mechanism for telling spamassassin about the password
without also revealing it to every user that has access to the system?

Thanks...

/jason

Re: Hiding SQL password?

Posted by "Eric W. Bates" <er...@vineyard.net>.

You could give everyone their own login to mysql? (onerous)

Jason Levine wrote:
> Is there any way to hide the SQL database password from users?  Currently,
> it's plaintext in the local.cf file, a file that has to be world-readable
> in order for users to be able to use the spamassassin client in an setuid
> environment.  (Thus, setting the file to disallow world reading results in
> users not being able to read in the site-wide configuration, which sorta
> defeats the purpose!)
> 
> Is there some other mechanism for telling spamassassin about the password
> without also revealing it to every user that has access to the system?
> 
> Thanks...
> 
> /jason