in reply to Re: MySQL CGI Security
in thread MySQL CGI Security

Why is it so bad to hardcode the name/pw in the script?

In part, this advice is a remnant from days past, when certain web servers (*cough* IIS *cough*) fell victim to exploits that would let wily h4x0rz look at the source of your ASP scripts or CGIs. Now, this advice protects you if you accidentally mess up your .htaccess, or hand the script off to someone else forgetting to remove your password.

Replies are listed 'Best First'.
Re: Re: Re: MySQL CGI Security
by diotalevi (Canon) on Oct 06, 2002 at 02:50 UTC

    Just like the Tompkins County Green Party did. Ehem. It's just a good idea to keep your secrets out of your code base anyway - it lets you alter you secrets without worrying about code maintenance. Consider this an extension of the practice of separation of concerns.

    __SIG__
    printf "You are here %08x\n", unpack "L!", unpack "P4", pack "L!", B::svref_2object(sub{})->OUTSIDE

[reply]
[d/l]

In Section Seekers of Perl Wisdom