You don't find those best practices in Perl fora probably because they're the same best practices for any language.

I don't store that sort of information in the script: I make the script get it from somewhere else. Encoding rarely helps because the script is the recipe to decode it. How you decide to do that depends on your situation, but at some point the script ends up knowing all the secrets.

However, I do create several sets of passwords, and I give them different sets of permissions (read-only, insert-only, update-only, and so on) so that no script can do more than it should. Along with that, your database server may be able to limit access based on host or user names so that even discovery of the password doesn't complete the puzzle for the bad guys.

There is a lot more to it, but look for topics on web security rather than just Perl.

--
brian d foy <bdfoy@cpan.org>

In reply to Re: Best practices for database passwords by brian_d_foy
in thread Best practices for database passwords by Miss Brain
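
An added example, not part of the original post: one way a script can fetch its database credentials from outside its own source and refuse a file that other local users could read. The file format, the `load_db_credentials` helper, the role name and all values are assumptions made for illustration, and the permission check assumes a Unix-like system.

```perl
use strict;
use warnings;
use Fcntl ':mode';          # S_IMODE, S_IRWXG, S_IRWXO
use File::Temp 'tempfile';  # only for the constructed demo below

# Hypothetical helper: read key=value credentials from a file kept outside
# the script. Refuses files that group or other users can access.
sub load_db_credentials {
    my ($path) = @_;
    open my $fh, '<', $path or die "Cannot open $path: $!\n";

    # stat the open handle, not the path, so the check and the read
    # apply to the same file.
    my @st = stat $fh or die "Cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];
    die "$path is not owned by this user or root\n"
        unless $uid == $> || $uid == 0;
    die sprintf("%s has mode %04o, expected 0600 or stricter\n",
                $path, S_IMODE($mode))
        if $mode & (S_IRWXG | S_IRWXO);

    my %cred;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(?:#|$)/;            # comments, blank lines
        my ($key, $value) = split /=/, $line, 2;   # values may contain '='
        $cred{$key} = $value;
    }
    close $fh;
    defined $cred{$_} or die "$path is missing '$_'\n"
        for qw(dsn user password);
    return \%cred;
}

# Constructed demo: one file per role; File::Temp creates it with mode 0600.
my ($tmp, $file) = tempfile(UNLINK => 1);
print {$tmp} "# read-only reporting account (constructed values)\n",
             "dsn=dbi:Pg:dbname=app;host=db.example.internal\n",
             "user=app_readonly\n",
             "password=constructed-placeholder\n";
close $tmp;

my $cred = load_db_credentials($file);
print "Would connect as $cred->{user}\n";   # never log the password
# With DBI installed:
# DBI->connect(@{$cred}{qw(dsn user password)}, { RaiseError => 1 });

chmod 0644, $file or die "chmod: $!\n";     # simulate a misconfigured file
eval { load_db_credentials($file); 1 } or print "Rejected: $@";
```

The script still ends up holding the secret in memory; what the external file buys is that the password stays out of version control and source listings, and that each script can be pointed at the account with only the permissions it needs.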
