* Joel Gwynn <joel.gwynn at digipress.net> [2003-06-18 09:28]:
> The problem is not so much that I can't connect, the problem is that
> if I can't, I don't want to return the db credentials to the browser.
> How can I turn this off?

I assume you're wrapping this in an eval, and the error message is in
$@.  $@ is just a string, so you can run it through a s/// to get rid of
the credentials before displaying the error message.  Maybe something
like:

  my $err = $@;
  for (qw( PROVIDER SERVER UID PWD DATABASE )) {
      $err =~ s/($_=)(.+?)([;'])/$1 . '*' x length($2) . $3/ge;
  }
  # Now, use $err instead of $@

With your example, $err will hold something like:

  DBI->connect(PROVIDER=********;SERVER=********;UID=***;PWD=***;DATABASE=
  mydb) failed: Can't connect to
  'PROVIDER=********;SERVER=********;UID=***;PWD=***;DATABASE=****':
  Lasterror:       -2147217843: OLE exception from "Microsoft OLE DB
  Provider for SQL Server":

(Although this still has a security hole -- it betrays the lengths of
the elements you are hiding.)

(darren)

-- 
I have discovered that all human evil comes from this, man's being
unable to sit still in a room.
    -- Blaise Pascal
_______________________________________________
Boston-pm mailing list
http://mail.pm.org/mailman/listinfo/boston-pm
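
A variant of the substitution in the reply above that also closes the length leak it mentions, as an added example that is not part of the original message: every value is replaced with a fixed-width marker, and the value is bounded by a negated character class so text after the DSN is left alone. The DSN, host name and password are constructed sample values, and `fake_connect` is a hypothetical stand-in for `DBI->connect`.

```perl
use strict;
use warnings;

# Keys whose values must never reach the browser (same list as in the reply).
my @SENSITIVE = qw( PROVIDER SERVER UID PWD DATABASE );
my $KEYS      = join '|', map { quotemeta } @SENSITIVE;
my $MASK      = '[redacted]';    # fixed width, so value lengths are hidden too

# Replace every KEY=value with KEY=[redacted]. A value ends at the first
# ';', quote, ')' or whitespace, so the rest of the message survives.
# Assumption: DSN values contain none of those characters.
sub scrub_dsn_error {
    my ($err) = @_;
    return '' unless defined $err;
    $err =~ s/\b($KEYS)=[^;'"\s)]*/$1=$MASK/gi;
    return $err;
}

# Hypothetical stand-in for DBI->connect: dies with an error echoing the DSN,
# in the shape of the message quoted in the reply.
sub fake_connect {
    my ($dsn) = @_;
    die "DBI->connect(${dsn}) failed: Can't connect to '${dsn}': (constructed error)\n";
}

# Constructed sample DSN, not taken from the thread.
my $dsn = 'PROVIDER=SQLOLEDB;SERVER=dbhost01;UID=web;PWD=s3cret;DATABASE=mydb';

my $ok = eval { fake_connect($dsn); 1 };
unless ($ok) {
    my $shown = scrub_dsn_error($@);    # copy and scrub before anything is displayed

    # Self-check: none of the constructed secrets may survive scrubbing.
    for my $secret (qw( SQLOLEDB dbhost01 web s3cret mydb )) {
        die "leak: $secret\n" if index($shown, $secret) >= 0;
    }
    print $shown;
}
```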

Reply via email to