web security

Marcel Kunath kunathma@pilot.msu.edu
Sun, 3 Jun 2001 18:43:10 -0400 (EDT)


Hello,

I had a question regarding web development and security. This regards software
such as Twig and Mailman. If you install them you are forced by default to edit a
config file and leave in there a user/passwd for access to a database used by
those projects. I feel it's kinda risky and easy to expose them on the web. Is
there anything out there which would not make it necessary to leave passwds in
files? Some sort of security scheme for a Linux box which implements users for
such web services and keeps them from being exploited by a leaked passwd?
Could LDAP handle this better?

I am thinking of how MSU protects some of their web systems. They build a
security module which surrounds every web project. This security module then
checks if a user has access to this web system and also assigns this
web system a generic web ID which then can be administered separately in the
security module and not in the web system itself.

mk