You _do_ need to include the user name and password in the DBI connect statement, but the way to make it more secure is to not hardcode those in your scripts - create a Perl module in which you place variables that _do_ contain the hardcoded values, but place that perl module in a secure place on your filesystem that is not accessible by regular users. Then "use" that module in your script so that you have access to the variables in the module that contain the actual values of the user name and password.
At a command prompt do perldoc perl to get started. Note that there are several perldoc's that refer to perl modules - the one you probably want to start with is perlmod, which you can view by doing perldoc perlmod at a command prompt. HTH. Hardy Merrill >>> "News Reader" <[EMAIL PROTECTED]> 03/10/04 01:35PM >>> Hi there, I figured this would be a pretty common problem, but I didn't see anything in the FAQ or docs. We've got a script that uses DBI to connect to SQL Server. There is a system DSN set up and this already has the username and password. So do we really need to pass them again, as shown below? my $db = DBI->connect("dbi:ODBC:$dsn","$db_user_name","$db_password"); We tried the following (removing the username/password parameters), but we got a connection error. my $db = DBI->connect("dbi:ODBC:$dsn"); It would be nice (for maintenance) and obviously more secure if we could pass only the DSN name. Thanks, - ML