in reply to MySQL CGI Security

As is customary, to access the database, I have to pass a user ID and password. But I only have one user ID/password for my database. How do I authenticate my query? I obviously can't give that user ID/password to everyone, and hard coding it in the script goes against every secure computing principle (even if the script is secured).

Don't give your database ID/password to anyone. Put the pair in a text file that isn't visible through the web server (either by putting in your home directory, or using the appropriate Apache directives in a .htaccess), and have your CGI scripts get the ID/password from this file.

In Section Seekers of Perl Wisdom