> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of darren chamberlain > Sent: Wednesday, June 18, 2003 9:38 AM > To: [EMAIL PROTECTED] > Subject: Re: [Boston.pm] DBI question > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > * Joel Gwynn <joel.gwynn at digipress.net> [2003-06-18 09:28]: > > The problem is not so much that I can't connect, the > problem is that > > if I can't, I don't want to return the db credentials to > the browser. > > How can I turn this off? > > I assume you're wrapping this in an eval, and the error > message is in [EMAIL PROTECTED] $@ is just a string, so you can run it > through a s/// to get rid of the credentials before > displaying the error message. Maybe something > like: > > my $err = $@; > for (qw( PROVIDER SERVER UID PWD DATABASE )) { > $err =~ s/($_=)(.+?)([;'])/$1 . '*' x length($2) . $3/ge; > } > # Now, use $err instead of $@ > > With your example, $err will hold something like: > > > DBI->connect(PROVIDER=********;SERVER=********;UID=***;PWD=*** > ;DATABASE= > mydb) failed: Can't connect to > 'PROVIDER=********;SERVER=********;UID=***;PWD=***;DATABASE=****': > Lasterror: -2147217843: OLE exception from "Microsoft OLE DB > Provider for SQL Server": > > (Although this still has a security hole -- it betrays the > lengths of the elements you are hiding.) > > (darren)
eval. Excellent. Now I don't have to return anything except "Error connecting", if that. _______________________________________________ Boston-pm mailing list [EMAIL PROTECTED] http://mail.pm.org/mailman/listinfo/boston-pm
