Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine

Re: hiding database passwords

by naChoZ (Curate)
on Dec 13, 2007 at 20:20 UTC ( #656908=note: print w/replies, xml ) Need Help??

in reply to hiding database passwords

moritz gave you the right answer. But if you're just looking for a simple way not to have to hard code a password into your script, I usually do something like this. I keep a file in my home directory, in this example ~/.ldap.secret, protect with file permissions so that only I (or root / administrator) can access the file, then run a snippet like this (which is probably more complicated than necessary):

my $ldap_password = fetch_ldap_password({ filename => $ENV{HOME} . '/. +ldap.secret' }); # ... # {{{ sub fetch_ldap_password # sub fetch_ldap_password { my $args = shift; die "No password file specified\n" unless defined $args->{filename +}; my $filename = $args->{filename}; my $password; open( PW, "<$filename" ) or die "Error opening bindpw file $filename: $!\n\n"; foreach ( <PW> ) { chomp; $password = $_; } return $password; }

This doesn't negate anything moritz said, the password is still essentially just sitting around to anyone with permission. But at least you don't have to hard code it. For a script that will be run by multiple people, the script should be using a database username that has been configured with adequate granted permissions on the database side itself to meet the needs of the script accessing the db.


Therapy is expensive. Popping bubble wrap is cheap. You choose.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://656908]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (5)
As of 2017-05-27 06:21 GMT
Find Nodes?
    Voting Booth?