suaveant has asked for the wisdom of the Perl Monks concerning the following question:

A question that has been gnawing at me for a while... When using DBI with Perl, if you want to write a system script for users or a CGI, then your script must be readable by those users. So how do you hide your DB password from users, but still let them use it, other than suid? (I suppose this goes for anything with a password or the like.) Is there anything that can be done? - Ant

Replies are listed 'Best First'.
Re: Hiding the pass in a DBI script
by geektron (Curate) on Mar 27, 2001 at 00:51 UTC
      Excellent, I looked, but missed that, thanks. - Ant
Re: Hiding the pass in a DBI script
by wardk (Deacon) on Mar 27, 2001 at 00:13 UTC

    Some ideas...

    From the web as CGI, you can prevent the code from being seen via web configuration, i.e. only allow the script to be executed (no directory views, use an .extension that has forced execution).

    From the command line, it won't be so easy.

    In either solution, put the connect info into a separate file and read it into the script at runtime.

    If the script(s) need only READ from the database, then be sure to use a userid that is restricted from doing writes to the database, and use views to protect table columns that are not to be accessed.
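
The separate connect-info file suggested in the reply above, sketched for the CGI case as an added example that is not part of the original thread. The helper name `load_db_credentials`, the `key = value` file layout, and the DSN, account name and password are constructed for illustration; it assumes a Unix host where the file is owned by the account the script runs as.

```perl
#!/usr/bin/perl
# Added example: load DB connect info from a separate, owner-only file.
use strict;
use warnings;
use File::Temp qw(tempfile);

# Hypothetical helper: returns (dsn, user, pass) or dies with a reason.
sub load_db_credentials {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot open $path: $!\n";
    my @st = stat $fh or die "cannot stat $path: $!\n";  # stat the open handle, not the name
    die "$path is not a regular file\n" unless -f _;
    die "$path must be owned by the account running the script\n"
        unless $st[4] == $>;
    die sprintf("%s has mode %04o; group/other bits must be clear\n",
                $path, $st[2] & 07777) if $st[2] & 077;

    my %cfg;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#|$)/;                  # skip comments and blank lines
        my ($k, $v) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/
            or die "$path line $.: expected key = value\n";
        $cfg{$k} = $v;
    }
    close $fh;
    for my $need (qw(dsn user pass)) {
        die "$path: missing '$need'\n" unless defined $cfg{$need};
    }
    return @cfg{qw(dsn user pass)};
}

# Demo with a constructed file. In a deployment the file sits outside the
# web root and names a DB account that has read-only rights.
my ($tmp, $file) = tempfile(UNLINK => 1);
print {$tmp} "# constructed sample values\n",
             "dsn  = dbi:mysql:database=reports;host=localhost\n",
             "user = report_ro\n",
             "pass = example-only\n";
close $tmp;

chmod 0600, $file or die "chmod: $!\n";
my ($dsn, $user, $pass) = load_db_credentials($file);
print "loaded dsn=$dsn user=$user (password not printed)\n";
# With DBI installed:
#   my $dbh = DBI->connect($dsn, $user, $pass, { RaiseError => 1 });

chmod 0644, $file or die "chmod: $!\n";                  # now readable by others
eval { load_db_credentials($file); 1 } or print "refused: $@";
```

This keeps the password out of the script source, but anyone who can run code as the owning account can still read the file, which is why the command-line case stays hard.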

Re: Hiding the pass in a DBI script
by extremely (Priest) on Mar 27, 2001 at 02:12 UTC
    How many users are you talking about that might have access to the web script? If it is in the 10s, consider just giving them each read-only or really minimal read-write access to the DB. Put the DB's access rights system to work and have the users put in their DB password to access the scripts.

    --
    $you = new YOU;
    honk() if $you->love(perl)