If you turn your "configuration variables" into subs you can log whenever someone tries to read them. And act like constants. E.g.:
# there are many other ways to print a stack trace # and some core (see caller) use Devel::StackTrace; sub env_db_user { $log->info("accessing config: ".Devel::StackTrace->new->as_string); return 'username'; } ...
Also note that even if a user can not directly access the vars.pm, because of file permissions, your (production) code can and will read it and hold it into memory. One can tell production to dump the vars by adding some code to the test codebase which eventually may find its way to production. With the above it is a little bit more difficult to do that. I know how to print all subs from the symbol table but I don't know how to print their contents see Re^2: Holding site variables. say $_ for keys %main::
The other issue is integrity of your configuration. It can be verified with a SHA signature. But it feels more natural to do so with having your configuration in a JSON or any other config format and your code reads the configuration and verifies its hash signature (stored in the code! oh well!) (edit: and creates subs like env_db_user dynamically). That works well with encrypted configuration too. But then your code contains the SHA signature and password to that encrypted config ...
A side issue to what you asked, is integrity of your code and reviewing what goes from test to production ...
bw, bliako
In reply to Re: Holding site variables
by bliako
in thread Holding site variables
by Bod
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |