Re: CGI::Session and sensitive data
by moritz (Cardinal) on May 16, 2012 at 18:48 UTC ( [id://970891]=note )
A more secure way is to ask the user for the password whenever the API key is needed. But of course that's annoying. If it's the database you worry about, you could always store the session data outside the database (in memory or flat files). But in the end your application needs the API key in plain text, so if a potential attacker gets a certain access level to your application, he will gain access to the API key too.
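The flat-file option mentioned in the reply above, as an added example that is not part of the original post: CGI::Session's file driver with owner-only file permissions and a short lifetime on the key parameter. The temporary directory, the `api_key` parameter name and the key value are assumptions made for illustration; the key still sits in plain text in the session file.

```perl
use strict;
use warnings;
use CGI::Session;
use File::Temp qw(tempdir);

# Assumption: a throwaway directory stands in for a fixed session directory
# outside the web root. tempdir() creates it with mode 0700.
my $dir = tempdir(CLEANUP => 1);

# Session files created from here on are accessible to the owner only.
umask 0077;

# File driver: session data goes to flat files instead of the database.
my $session = CGI::Session->new('driver:file', undef, { Directory => $dir })
    or die CGI::Session->errstr;

# Constructed placeholder value, not a real key.
$session->param('api_key', 'EXAMPLE-API-KEY');

# Expire only this parameter after 10 minutes (CGI::Session measures from
# the session's last access); the user then has to supply the key again.
$session->expire('api_key', '+10m');

# Write the session to disk now so the file can be inspected.
$session->flush;

# The file driver names its files cgisess_<session id>.
my $file = "$dir/cgisess_" . $session->id;
my $mode = (stat $file)[2] & 07777;
printf "session file: %s\n", $file;
printf "permissions:  %04o\n", $mode;
die "session file is readable by group or others\n" if $mode & 0077;
```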