On Thursday, August 29, 2002, at 11:44, david wrote:
[..]
>
> $dsn = <get from config>
> $usr = <get from config>
> $psw = <get from config>
>
> my $db = new Win32::ODBC("fileDSN=$dsn; uid=$usr; psw=$psw");
>
> that should avoid the horrifying "listing" effect...

my compliments - there is the part about the uid and psw
that you could get with

        ($name,$passwd,$uid,$gid,
         $quota,$comment,$gcos,$dir,$shell,$expire) = getpw*

cf. perldoc -f getpwnam

which would only leave one exposed on the $dsn - unless
you wanted to play the gag of having that in the comment
field of the nis map/active directory/ldap...

unless of course $psw has to be in 'plain text' to begin with...

things folks might want to keep in mind when doing the
ConfigDSN side of the game...

a part of the problem here is whether the perl code
should be 'allowed' to do a 'setgid/setuid' to the
appropriate gid/uid to run under that entry - and
hence allow 'anyone who can run it' to run it...

or should it have an 'access list' of uid's allowed
to run the code...



ciao
drieux
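
Added example, not part of the original message or of any poster's code: one way to combine the 'access list' of uids with credentials read from a config file that other accounts cannot read. It assumes a Unix-like host where the real uid and file modes are meaningful; the allowed uids, the config path and the `key = value` file format are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl ':mode';    # S_IRWXG, S_IRWXO

# Assumption: uids permitted to run this script (constructed values).
my @ALLOWED_UIDS = (0, 1001);

# True if the given uid is on the access list. Callers pass the real uid ($<),
# which stays the invoking user's even when the script runs setuid.
sub uid_allowed {
    my ($uid, @allowed) = @_;
    return scalar grep { $_ == $uid } @allowed;
}

# Read key = value pairs, refusing a file that group/other can access or that
# is not owned by the effective uid ($>).
sub load_config {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot open $path: $!\n";
    my @st = stat $fh or die "cannot stat $path: $!\n";
    die "$path: group/world permissions set\n" if $st[2] & (S_IRWXG | S_IRWXO);
    die "$path: not owned by effective uid\n"  if $st[4] != $>;
    my %cfg;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(?:#.*)?$/;    # skip blank lines and comments
        my ($k, $v) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/
            or die "$path: malformed line " . $. . "\n";   # never echo the line
        $cfg{$k} = $v;
    }
    close $fh;
    for my $key (qw(dsn usr psw)) {
        die "$path: missing '$key'\n" unless defined $cfg{$key};
    }
    return \%cfg;
}

# Hypothetical default path; pass the real one as the first argument.
my $path = @ARGV ? $ARGV[0] : '/etc/myapp/db.conf';
uid_allowed($<, @ALLOWED_UIDS)
    or die "uid " . $< . " is not on the access list\n";
my $cfg = load_config($path);
# Connection string in the form quoted above; the password is never printed.
my $conn = "fileDSN=$cfg->{dsn}; uid=$cfg->{usr}; psw=$cfg->{psw}";
print "config loaded for user $cfg->{usr}\n";
```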
