Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options

Re: Hiding Passwords

by Trimbach (Curate)
on Mar 20, 2002 at 22:01 UTC ( #153149=note: print w/replies, xml ) Need Help??

in reply to Hiding Passwords

I think the problem is that the database server needs the plaintext password at somepoint... the big question is "who knows the password?" At a minimum even in the best of all possible worlds your Perl program has to know the password (even if no one else does). So how do you keep someone from looking at your password in your program?

The best I've come up with is to restrict rights to who can view the source of your program, which works pretty well if your program is run only by a few users. However, if you're doing CGI, and your CGI has to talk to the database, well, then your password has to read-able by God and everyone. In such cases I've moved database connection information out of the path of the webserver (and then use'd or require'd it in) which helps a little, but still, global read access makes me nervous.

If anyone has any techniques or thoughts I, too, would like to hear them.

Gary Blackburn
Trained Killer

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://153149]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (3)
As of 2021-10-24 18:14 GMT
Find Nodes?
    Voting Booth?
    My first memorable Perl project was:

    Results (89 votes). Check out past polls.