in reply to Best way to hide passwords.

If you're using Apache, put the file containing the password in a subdirectory, and add the following .htaccess file to that directory: 
Order deny,all
Deny from all

[download]
Voila! Nobody sees it.

The only risk you have is that if one day you munge the .htaccess, the directory will be visible. tadman's advice below is sounder in that regard.

Replies are listed 'Best First'.
Re: Hide Your Passwords!!
by tadman (Prior) on Mar 06, 2001 at 04:06 UTC
    Actually, the best thing, really the only thing to do is to make sure that your password file is not accessible from the Web at all! Don't put it in a directory that is served by Apache. Period.

    There have been many historical cases of people downloading your standard-issue '.htpasswd' file and running crack on it, finding dozens of simple passwords such as 'bob/bob', 'joe/123' and many others that would surprise you. These 'hax0rz' can do many unpleasant things to your Web site, and if you're not careful, there might be some system accounts with the same password and login as on the site...well, you know what happens next.

    So, if your script is running in "/site/www", put your data somewhere else, like "/site/data" which is not served by Apache.
[reply]

In Section Seekers of Perl Wisdom