perl -TwMstrict mysqlstatus.pl
[download]

Cool... Why not leave the -Tw and use strict; on in the release version, in case of feature creep?

Short of using javascript to encrypt the password on the client side, with a random "salt" generated from the server each time the page is issued, I don't see a lot of great solutions.

In any case, make SURE you never use such an app outside your corporate network, and even there, realize that malicious insideers could wind up with your mySQL root passwd...
--
Mike

Feature creep might happen, but I add in -w, -T, and -Mstrict as a habit anyways. I will add it if you really want, though. :)<br.
Any sniffer could also detect the salt used for encryption, so it's unavoidable.

With a quick edit, you can hardcode in the mysql password in the file. Just change the line like:
my $rootpwd = $q->param('rootpwd');
to
my $rootpwd = 'ilikeapples';.

-qslack, posting as anon because I am not at my computer and I forgot my password :)

I might be missing something here, but... maybe you should differentiate the two functions that are currently served by the password: (1) validating the person posting the request vs. (2) logging into the database. If your DB status report includes stuff that you don't want to make public (and/or you don't want the public pinging your DB at will), then do something for validation -- whatever's workable and adequate -- that does not involve sending the login password.

Put the actual DB login password in the code itself -- actually, in a module or "require" file that's readable when the script executes under the web server, but is not directly under $webhome.

Warning: I haven't researched this idea to figure out how vulnerable it might be (if anyone has facts or data on this, I'd love to hear it), but it seems safer than having ( $user_validation eq $rootlogin ) going through sniffable switches, even granting that it's only "DB root" that we're talking about here (I hope that's all you're talking about).