I think the problem is that the database server needs the plaintext password at somepoint... the big question is "who knows the password?" At a minimum even in the best of all possible worlds your Perl program has to know the password (even if no one else does). So how do you keep someone from looking at your password in your program?

The best I've come up with is to restrict rights to who can view the source of your program, which works pretty well if your program is run only by a few users. However, if you're doing CGI, and your CGI has to talk to the database, well, then your password has to read-able by God and everyone. In such cases I've moved database connection information out of the path of the webserver (and then use'd or require'd it in) which helps a little, but still, global read access makes me nervous.

If anyone has any techniques or thoughts I, too, would like to hear them.

Gary Blackburn
Trained Killer