http://www.perlmonks.org?node_id=777199


in reply to Re: best way to store login information for a perl script?
in thread best way to store login information for a perl script?

Passing sensitive data on the command line raises its own set of security issues under any environment which maintains a command-line history, as someone with access to the account from which it was run will be able to gather the login credentials by going back through the history.

On multi-user unix-type systems, the ps or w commands can also be used to see currently-executing processes along with the command line used to start each - including any information passed on the command line - which has the potential to leak your credentials to other users on the machine without requiring them to first compromise your account. (Some admins will have the system secured such that you can't view other users' process information, but the general default is for it to be visible.)

Setting up a shortcut or short script which contains the credentials and passes them on for you will solve these issues (since you're no longer putting the credentials on the command line), but it's essentially just creating a mini config file containing them, so why not just put them into a proper config file in the first place, as YourMother said? Just remember to make the config file readable only by the appropriate user (and optionally include code in the program consuming the config file which complains about and/or refuses to read the config file if it's more widely readable or writable).