thecrypto has asked for the wisdom of the Perl Monks concerning the following question:

I am currently working on a journal script and part of it is a config file that I'm parsing with Config::General. This config file is used by currently by 2 different CGI scripts and eventully will used by more. It also contains the password to the journal and the database in plain text. I am trying to find a way to move the config file out of the CGI directory with the other 2 scripts and put it somewhere more secure without having the user have to change a line in two or more scripts. The Config::General docs only talk about having an option for putting in relitive paths. The code I currently have is at my site Any ideas?

Replies are listed 'Best First'.
Re: Finding a config file
by tachyon (Chancellor) on Mar 21, 2002 at 04:48 UTC

    Move the config file somewhere non world readable (ie outside of your web root). Make it part of the 'config' group. Give it 040 permissions if all you need the CGIs to have is read permission. Make your CGIs part of the config group - they will thus be able to read the file but no one else will. Use relative paths if you want, it makes no difference. Investigate encrypting your passwords if possible.

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

[reply]
Re: Finding a config file
by Caillte (Friar) on Mar 21, 2002 at 13:14 UTC

    If you are thinking of using site-wide config files then you may want to take a look at Template::Toolkit. It enables you to include things like pre-loaded config files and also insert config files into your site using the INCLUDE command.

    Admittedly, Template::Toolkit is too complex for simple sites, and I haven't had time to look at yours, but if you say you are developing something for a large number of CGI programs then it can be a real timesaver!

    This page is intentionally left justified.

[reply]

Back to Seekers of Perl Wisdom