Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?

Re: hiding database passwords

by naChoZ (Curate)
on Dec 13, 2007 at 20:20 UTC ( #656908=note: print w/replies, xml ) Need Help??

in reply to hiding database passwords

moritz gave you the right answer. But if you're just looking for a simple way not to have to hard code a password into your script, I usually do something like this. I keep a file in my home directory, in this example ~/.ldap.secret, protect with file permissions so that only I (or root / administrator) can access the file, then run a snippet like this (which is probably more complicated than necessary):

my $ldap_password = fetch_ldap_password({ filename => $ENV{HOME} . '/. +ldap.secret' }); # ... # {{{ sub fetch_ldap_password # sub fetch_ldap_password { my $args = shift; die "No password file specified\n" unless defined $args->{filename +}; my $filename = $args->{filename}; my $password; open( PW, "<$filename" ) or die "Error opening bindpw file $filename: $!\n\n"; foreach ( <PW> ) { chomp; $password = $_; } return $password; }

This doesn't negate anything moritz said, the password is still essentially just sitting around to anyone with permission. But at least you don't have to hard code it. For a script that will be run by multiple people, the script should be using a database username that has been configured with adequate granted permissions on the database side itself to meet the needs of the script accessing the db.


Therapy is expensive. Popping bubble wrap is cheap. You choose.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://656908]
[Corion]: A good daystart to everybody!
[Corion]: Just a quick poll - is anybody actively relying on https://perlmonks. I plan to retire that URL in favour of moving all our servers onto the same HTTPS certificate for perlmonks.{com, net,org}
[Corion]: Actually bsd_glob '{www.,}perlmonks .{com,net,org}', plus I think
[Corion]: Sad that Let's Encrypt does not allow wildcard certificates, but they could be somewhat of a hassle to verify

How do I use this? | Other CB clients
Other Users?
Others avoiding work at the Monastery: (15)
As of 2017-09-26 07:43 GMT
Find Nodes?
    Voting Booth?
    During the recent solar eclipse, I:

    Results (292 votes). Check out past polls.