in reply to MySQL CGI Security
That's a poor situation, but pretty common. If you have suEXEC in effect, you can use filesystem permissions to guard the keys. Make a small private connection sub as I show below, and give it 0600 permissions in a directory outside webspace. The user/pass pair is hidden in a closure from the rest of the program.
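```perl
### file Myconnection.pl
use DBI;
{
    # Credentials are lexicals visible only to myconnect() (a closure).
    my $dsn  = 'whatever';
    my $user = 'joe';
    my $pass = 'joe';
    my $opts = {
        RaiseError => 1,
        AutoCommit => 0,
    };
    sub myconnect () {
        DBI->connect($dsn, $user, $pass, $opts);
    }
}
1;    # a required file must return a true value
```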
Usage:
```perl
use lib '/home/user/lib/perl5'; # or wherever
require 'Myconnection.pl';      # load the file by name; 'use' expects a bareword module
my $dbh = myconnect();
```
Without suEXEC, you will lack the filesystem protection, making this scheme much less viable.
After Compline,
Zaxo
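
An added example, not part of the original post: a preflight check a CGI script could run before loading the credentials file, refusing to continue unless the file is a regular file owned by the effective (suEXEC) user, has no permission bits beyond 0600, and resolves outside the document root. The two paths and the sub name `check_secret_file` are assumptions for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(abs_path);
use Fcntl qw(:mode);

# Returns a list of problems; an empty list means the file is safe to load.
sub check_secret_file {
    my ($file, $docroot) = @_;
    my @problems;

    # lstat looks at the link itself, so a symlinked secret is caught here.
    my @lst = lstat($file) or return ("cannot lstat $file: $!");
    push @problems, "$file is a symlink" if S_ISLNK($lst[2]);

    my @st = stat($file) or return ("cannot stat $file: $!");
    my ($mode, $uid) = @st[2, 4];
    push @problems, "$file is not a regular file" unless S_ISREG($mode);

    # Under suEXEC the script runs as the account owner; $> is the effective uid.
    push @problems, sprintf("%s is owned by uid %d, running as uid %d", $file, $uid, $>)
        unless $uid == $>;

    # 0177 masks every bit outside owner read/write (0600).
    push @problems, sprintf("%s has mode %04o, want 0600", $file, S_IMODE($mode))
        if S_IMODE($mode) & 0177;

    # Compare resolved paths; the trailing slash stops /x/html2 matching /x/html.
    my $real = abs_path($file);
    my $root = abs_path($docroot);
    push @problems, "$file resolves inside document root $docroot"
        if defined $real && defined $root && index("$real/", "$root/") == 0;

    return @problems;
}

my $file    = '/home/user/lib/perl5/Myconnection.pl';  # assumed location
my $docroot = '/home/user/public_html';                # assumed document root

if (my @problems = check_secret_file($file, $docroot)) {
    print STDERR "refusing to load credentials: $_\n" for @problems;
    exit 1;
}
require $file;
my $dbh = myconnect();
```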