The best way to do this is to move the password and other connection details to some other place besides the CGI or HTML serving dir. This can include the web server configuration files (if the server can handle this and has various mods; for example, Apache with Apache::DBI can have initiation info in the httpd.conf), or using a database-dependant way of initializing the connection based on files from the 'users' home directory (Mysql, for example, will look at the user's ~/my.cfg if connection parameters are not given). Both of these methods are more secure that setting the values in CGI, in that the malicious user would need to gain access via means other than http to get this information.
Dr. Michael K. Neylon - mneylon-pm@masemware.com
||
"You've left the lens cap of your mind on again, Pinky" - The Brain