>>Hi,
>>
>>I want to build a database application based on mod_perl and Apache::DBI.
>>The goal of Apache::DBI is to get persistent database connections using only
>>one database user because of resource limits. The problem I see is that the
>>password for connecting to the database is clearly readable in the Perl
>>script.
>>Does anybody know how to hide that password?
>>I think storing it in a file for reading by the script is not the right way
>>(?).
>>
>>Thanks for help!
>>
>>- Wolfgang
> Have you thought of running your webserver as some 'www' user? You can
> then make your scripts readonly by a 'dev' group which the www user and
> the developers are members of.

>CORRECT:
>'readonly' should be 'only readable' by

Yes, that's our plan, too. But the risk still remains that someone will get a look at the script. I think there is a golden rule: Never put clear text passwords in files. Those files are stored in archives by backup, for example. There may be a lot of people (sysadmin, developer, ...) concerned with the webserver. So it's not easy to secure it.

- Wolfgang
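
A check for the permission layout proposed in the quoted reply (scripts readable only by a 'dev' group that contains the www user), as an added example that is not part of the thread. The function name `check_script_perms`, its messages and its return codes are assumptions; it audits mode bits and group ownership only and does not address copies of the file held in backup archives.

```shell
#!/bin/sh
# Added example, not code from the thread.
# check_script_perms FILE [GROUP]
#   Prints one finding per line.
#   Returns 0 = layout matches, 1 = findings, 2 = FILE is not a regular file.
check_script_perms() {
    file=$1
    want_group=${2:-}
    findings=0

    [ -f "$file" ] || { echo "$file: not a regular file"; return 2; }

    # "find -perm -NNN" matches when every bit in NNN is set (POSIX find).
    # Any permission granted to "other" breaks "only readable by the group".
    for spec in 004:readable 002:writable 001:executable; do
        bits=${spec%%:*}
        what=${spec#*:}
        if [ -n "$(find "$file" -prune -perm -"$bits")" ]; then
            echo "$file: world-$what"
            findings=1
        fi
    done

    # The www user reaches the script through group membership, so the
    # group read bit has to be set.
    if [ -z "$(find "$file" -prune -perm -040)" ]; then
        echo "$file: not group-readable"
        findings=1
    fi

    # Optional: confirm the owning group is the expected one (e.g. dev).
    if [ -n "$want_group" ] && \
       [ -z "$(find "$file" -prune -group "$want_group")" ]; then
        echo "$file: group is not $want_group"
        findings=1
    fi

    return $findings
}

# Usage (hypothetical path): check_script_perms /srv/www/perl/app.pl dev
```
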