sgifford has asked for the wisdom of the Perl Monks concerning the following question:
I'm working on an application for which security is of great importance. I'm using an Apache::AuthCookie subclass to do the authentication, and the username and password used to connect are actual database logins. I'm prototyping some stuff on a MySQL server, but probably the final app will use PostgreSQL.
I'm trying to pass the information required to connect to the database from the authentication handler to a standard (not mod_perl) CGI script that is the primary application. As a form of security-in-depth, I'd like to do this in such a way that even if a bug in the CGI script allows executing arbitrary commands, an attacker still can't get access to other users' passwords.
What I'd really like to do is open the database connection in the auth handler, then just pass a pre-authenticated open file descriptor connected to the database to the CGI script. Unfortunately, the MySQL and PostgreSQL APIs don't seem to support anything like this. Does anybody know a way to do the equivalent of this?
The easiest way to pass the information is through environment variables, but of course those can be viewed through ps. If my application is running on grsecurity-patched Linux in a chroot area mounted with nodev and without /proc mounted, is it reasonable to expect that environment variables are protected, or is that still a dangerous assumption?
Normally I would pass this information on a file descriptor, but coordinating that from within an Apache handler seems like a difficult task. Using a tempfile won't work because other instances of the CGI script would be able to read all of the tempfiles.
Anybody have any suggestions for me, or any pointers to solutions to similar problems?
Thanks!
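To illustrate the file-descriptor approach the poster prefers over environment variables, here is an added example (not from the original post) in which a parent hands a constructed credential to a child over an inherited pipe: the child's environment carries only the fd number, so the secret never appears in its environment or in /proc/<pid>/environ. It demonstrates the mechanism in a plain fork/exec, not the Apache-to-CGI coordination the question asks about.

```perl
#!/usr/bin/perl
# Added example: pass a secret to a child over a pipe, not via %ENV.
use strict;
use warnings;
use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);

# Constructed credential standing in for the per-user database login.
my $secret = "dbuser:s3cr3t-example";

pipe(my $reader, my $writer) or die "pipe: $!";

# Perl marks fds above $^F (default 2) close-on-exec; clear that flag on
# the read end so it survives the exec in the child.
my $flags = fcntl($reader, F_GETFD, 0) or die "fcntl(F_GETFD): $!";
fcntl($reader, F_SETFD, $flags & ~FD_CLOEXEC) or die "fcntl(F_SETFD): $!";

my $pid = fork();
die "fork: $!" unless defined $pid;

if ($pid == 0) {
    # Child: drop the write end, publish only the fd NUMBER, then exec
    # a stand-in for the CGI script that reads the credential from it.
    close $writer;
    $ENV{CRED_FD} = fileno($reader);
    exec($^X, '-e', <<'CHILD') or die "exec: $!";
        open(my $fh, '<&=', $ENV{CRED_FD}) or die "fdopen: $!";
        my $cred = <$fh>;
        close $fh;
        chomp $cred;
        my ($user, $pass) = split /:/, $cred, 2;
        # The secret is in memory only; %ENV holds just the fd number.
        print "child got user=$user pass_len=", length($pass), "\n";
CHILD
}

# Parent: write the credential, close the pipe, and wait. No other
# process can open this pipe, unlike a tempfile or an environment block.
close $reader;
print {$writer} "$secret\n";
close $writer;
waitpid($pid, 0);
```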