How secure is /Inetpub/Secure/foo.dat from other users on the server? The thing I like about Apache suExec is that I can set 'chmod 600 /Inetpub/Secure/foo.dat' to protect the contents while retaining cgi access. I've been setting up private ~/lib directories that way.
Can readers of the config be tricked into remembering too much? The polymorphisn you set up is a specialization to certain arguments of the stock DBI::connect method. Perhaps if your modules are sufficiently unreadable to the world, you can let each module take care of its own $dbuser and $dbpass using the same bareblocked closure you quote, but without the need for a synched config file. A module then knows its own secrets, and no other secrets are exposed to it.
Security is pretty often at odds with maintainability, and I think your question is an example of that. Apache suExec requires extra care. I wouldn't develop for it without taint on.
After Compline,
Zaxo
In reply to Re: Best practice with polymorphic constructors
by Zaxo
in thread Best practice with polymorphic constructors
by Ovid
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |