in reply to hiding database passwords

moritz gave you the right answer. But if you're just looking for a simple way not to have to hard code a password into your script, I usually do something like this. I keep a file in my home directory, in this example ~/.ldap.secret, protect with file permissions so that only I (or root / administrator) can access the file, then run a snippet like this (which is probably more complicated than necessary):

my $ldap_password = fetch_ldap_password({ filename => $ENV{HOME} . '/.
+ldap.secret' });

# ...

# {{{ sub fetch_ldap_password
#
sub fetch_ldap_password {

    my $args = shift;
    die "No password file specified\n" unless defined $args->{filename
+};

    my $filename = $args->{filename};

    my $password;

    open( PW, "<$filename" )
        or die "Error opening bindpw file $filename: $!\n\n";

    foreach ( <PW> ) {
        chomp;
        $password = $_;
    }

    return $password;
}

[download]

This doesn't negate anything moritz said, the password is still essentially just sitting around to anyone with permission. But at least you don't have to hard code it. For a script that will be run by multiple people, the script should be using a database username that has been configured with adequate granted permissions on the database side itself to meet the needs of the script accessing the db.