Preventing an attacker who has compromised my CGI scripts badly enough to execute arbitrary code from copying the database is exactly the point of a security-in-depth strategy.

Here's the design I'm working with: Apache will run in a chroot jail, with a Unix socket to the SQL server inside the chroot. The SQL server stores its binaries and all of its data outside Apache's chroot. The username and password to log in to the SQL database are sent by the user, and only allow access to this user's own data (implemented using PostgreSQL views).

In this configuration, I don't think that compromising the CGI script will allow the user to copy or delete the entire database (unless it's in conjunction with a kernel bug or an SQL server bug); he will be able to send arbitrary SQL commands to the database, but only with the permissions of the SQL user he's logged in as, which will prevent access to or destruction of data other than his own.

Do you see flaws in this design that I'm missing?


In reply to Re^4: Secure way to pass database connection info from mod_perl handler to CGI script by sgifford
in thread Secure way to pass database connection info from mod_perl handler to CGI script by sgifford
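The per-user views mentioned in the post could be set up along these lines. This is an added example, not part of the original post or thread. The table, view and role names are hypothetical, and it assumes PostgreSQL 10 or later, run by a superuser who owns the objects.

```sql
-- Constructed example: all object and role names are hypothetical.

CREATE TABLE messages (
    id     bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    owner  name NOT NULL DEFAULT current_user,  -- login role the row belongs to
    body   text NOT NULL
);

-- Make the absence of direct base-table access explicit.
REVOKE ALL ON messages FROM PUBLIC;

-- The view filters on the role the session authenticated as.
-- security_barrier keeps functions supplied in a caller's WHERE clause
-- from being evaluated before the owner filter has been applied.
CREATE VIEW my_messages WITH (security_barrier) AS
    SELECT id, body
    FROM messages
    WHERE owner = current_user;

-- One login role per end user; each is granted rights on the view only.
-- The owner column is not exposed, so a caller cannot reassign rows.
CREATE ROLE alice LOGIN PASSWORD 'constructed-placeholder';
CREATE ROLE bob   LOGIN PASSWORD 'constructed-placeholder';
GRANT SELECT, INSERT, UPDATE, DELETE ON my_messages TO alice, bob;

-- Check the boundary from each side: a row written by one role,
-- then a read of the view and of the base table by the other role.
SET ROLE alice;
INSERT INTO my_messages (body) VALUES ('constructed row for alice');
SET ROLE bob;
SELECT count(*) FROM my_messages;
SELECT * FROM messages;
RESET ROLE;
```

The last two queries are the ones to watch: the view should count no rows for the second role, and the read of the base table should be rejected with a permission error.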
