Re: Seeking efficient and safe way to store database connection information

I'm a big fan of Config::ApacheFormat. This allows you to set a bunch of other stuff in one configuration file.

The biggest thing to make sure of is that the configuration files are writeable only by one user and readable only by one group. That group should only have as members those application users which will need to read the connection information. For example, I have a www user whose only purpose is to run the Apache process. That user would be in a group called dbi_user. The password file would be permissions 640 and owned by me. If my username is dragonchild, the permissions would be:

dragonchild can read and write the file
Members of the dbi_user group can read the file
No-one else even knows the file exists.

Ideally, the directory this file is in would be 770, with the same user/group ownership.

------
We are the carpenters and bricklayers of the Information Age.

Then there are Damian modules.... *sigh* ... that's not about being less-lazy -- that's about being on some really good drugs -- you know, there is no spoon. - flyingmoose

I shouldn't have to say this, but any code, unless otherwise stated, is untested

Comment on Re: Seeking efficient and safe way to store database connection information