Hi,

I'm writing a CGI program that connects to a MySQL database using DBI. I would like to remove the username and password from the source of the script itself and--ideally--store it somewhere that can't be seen by others, save perhaps the machine's administrators.

(For the record, I did use search and super-search pretty carefully. While there are a lot of nodes on the system, I didn't see precisely the answer I was looking for. I'll admit, however, that I was overwhelmed by the number of hits and may have missed something while trying to scan them quickly.)

To begin, consider the following code (which is nothing special):

    #!/usr/bin/perl -w
    use strict;
    use DBI();

    my $dbh = DBI->connect(
        "DBI:mysql:database=mydb;host=localhost",
        "mywebuser",
        "mypassword",
        { 'RaiseError' => 1 }
    );

    my $sth = $dbh->prepare( "SELECT * from mytable;" );
    $sth->execute();
    while ( my $ref = $sth->fetchrow_hashref() ) {
        print "Found a row: id = $ref->{ 'id' }, name = $ref->{ 'name' }\n";
    }
    $sth->finish();
    $dbh->disconnect;

That said, here's my question: How do I protect the password, as well as (preferably) the user name used to access the database?

I have considered encrypting the password, perhaps with an MD5 hash, but I'm not sure how to handle the decryption process without compromising the password. I am not asking for ways to obscure the password, but to truly protect it from prying eyes. (If this is a good idea, I could also use some pointers that might help avoid common mistakes.)

Thanks in advance for any help...
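
One way to take the user name and password out of the script is to read them from a file that only the account running the CGI can read. This is an added example, not part of the original post. The helper name `load_db_credentials`, the key=value file format and the owner-only (0600) policy are assumptions made for illustration, and the sample file is constructed so the check runs without a database.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempfile);

# Hypothetical helper: read user/password from a key=value file kept
# outside the web root. Refuses anything that is not a regular file owned
# by the effective user, or that grants any group/other permission bit.
sub load_db_credentials {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot open $path: $!\n";
    my @st = stat $fh or die "cannot stat $path: $!\n";
    die "$path is not a regular file\n" unless S_ISREG($st[2]);
    die "$path is not owned by the running user\n" unless $st[4] == $>;
    die sprintf("%s has mode %04o, expected 0600 or stricter\n", $path, $st[2] & 07777)
        if $st[2] & (S_IRWXG | S_IRWXO);
    my %cred;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#|$)/;          # skip comments and blank lines
        my ($k, $v) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/
            or die "malformed line $. in $path\n";
        $cred{$k} = $v;
    }
    close $fh;
    defined $cred{$_} or die "$path lacks '$_'\n" for qw(user password);
    return \%cred;
}

# Constructed sample file so the check can be exercised without a database.
my ($tmp, $file) = tempfile(UNLINK => 1);
print {$tmp} "# constructed sample values\nuser = mywebuser\npassword = mypassword\n";
close $tmp;

chmod 0600, $file or die "chmod: $!\n";
my $cred = load_db_credentials($file);
print "loaded credentials for user '$cred->{user}'\n";

chmod 0644, $file or die "chmod: $!\n";
eval { load_db_credentials($file); 1 } or print "rejected: $@";

# In the CGI script the hash replaces the literals in the connect call:
#   my $dbh = DBI->connect("DBI:mysql:database=mydb;host=localhost",
#       $cred->{user}, $cred->{password}, { RaiseError => 1 });
```

Keeping the file outside the document root means the web server never serves it, and the mode check keeps other local accounts out. It does not protect against code that runs as the same user as the CGI, since that user must be able to read the file.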


In reply to Handling Passwords Securely by cymon
