Today I tried to install DBI in my company PC thru PPM. At beginning it didn't work, as I was behind the firewall. After read some document, I figured it out. In order to use PPM behind firewall, I have to set three environment variables. One of them is HTTP_proxy_pass.
I feel really uncomfortable to put my password in an environment variable. Now anyone sitting in front of PC can find it out.
I did a little bit investigation, and now I think the piece of code that uses those environment variables is PPM::Repository, and that's where the UserAgent is created and credential is encoded.
I am thinking of modify that module a little bit. Instead of using environment variable, just ask for credential on fly.
Before I go ahead, I want to make sure that I am doing the right thing. Is there a more secure way of using PPM behind firewall that I don't know? If I go modify it, I probably will use Tk (not change the entire application to Tk, but just pop up a dialog box asking for credential.), any other suggestion?