in reply to Structuring a Web site and security issues

MySQL in particular has a neat trick for keeping your password and username secure and out of your code entirely (best practice: never hard code passwords). So, if you're using it, check out DBD::mysql and look for mysql_read_default_file. The password (and dbuser and even other MySQL vars) can be in a config file only readable by the user (make its perms 0400 or 0600).

Re: #2 (Re: Structuring a Web site and security issues)
by wfsp (Abbot) on Dec 27, 2005 at 09:29 UTC
    Neat indeed.

    The docs give an example config file:

    [client]
    host=localhost

    [perl]
    host=perlhost

    What would the syntax be to have usr and password in there as well?

    Thanks for the tip.

    update

    The following did the trick:

    [client]
    host=xxxxxx
    user=yyyyyy
    password=zzzzzzz

      I really apologize for the looooooooong delay in response. I would recommend against setting the user. The calling script is presumably executed by the user so it is redundant to include and ever so slightly less secure to have it in the same file as the password.
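
An added example (not code from any poster in this thread) that puts the tip together: it checks that the option file is owner-only before connecting through mysql_read_default_file. The file path, the database name and the check_option_file helper are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use Fcntl ':mode';

# Assumed values for this example: option file location and database name.
my $cnf = "$ENV{HOME}/.my.cnf";
my $db  = 'test';

# Hypothetical helper: refuse an option file that anyone other than
# its owner could read or write (the post suggests 0400 or 0600).
sub check_option_file {
    my ($path) = @_;
    my @st = stat($path) or die "Cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];
    die "$path is not a regular file\n" unless S_ISREG($mode);
    die "$path is not owned by the current user\n" unless $uid == $>;
    my $perms = S_IMODE($mode);
    die sprintf("%s has mode %04o, expected 0400 or 0600\n", $path, $perms)
        unless $perms == 0400 || $perms == 0600;
    return 1;
}

check_option_file($cnf);

# No credentials in the code: user and password are passed as undef and
# the client library takes them from the [client] group of the option file.
my $dsn = "DBI:mysql:database=$db;mysql_read_default_file=$cnf";
my $dbh = DBI->connect($dsn, undef, undef,
                       { RaiseError => 1, PrintError => 0 });

# Show which account the server actually authenticated.
my ($who) = $dbh->selectrow_array('SELECT CURRENT_USER()');
print "Connected as $who\n";
$dbh->disconnect;
```

If user= is left out of the file, as the last reply recommends, the MySQL client library on Unix falls back to the login name of the account running the script.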