On Fri, May 25, 2007 at 10:08:00AM +0800, Cookie wrote:
> I write my database connect info in the yml files. It's not very safe because
> the database password can be seen by everyone who can access the catalyst
> folder. I want to know if there is any way to encrypt the database password
> using the internal method of connect_info?

That won't be any more safe. The user the app runs as has to be able to
get the password, so your best option is to chown the config file to that
user and chmod it 400 so only that user can read the file.

For particularly sensitive stuff, give the app its own user and run it
as an suexec-ed fastcgi handler.

-- 
      Matt S Trout       Need help with your Catalyst or DBIx::Class project?
   Technical Director    Want a managed development or deployment platform?
 Shadowcat Systems Ltd.  Contact mst (at) shadowcatsystems.co.uk for a quote
http://chainsawblues.vox.com/             http://www.shadowcatsystems.co.uk/ 

_______________________________________________
List: [email protected]
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
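
One way to verify, at deploy or startup time, that the config file is locked down the way the reply describes. This is an added example, not part of the original message or of Catalyst; `check_secret_file` and its arguments are hypothetical names, and the expected UID is assumed to come from `id -u` for the app's user.

```shell
#!/bin/sh
# Added example: confirm that a config file holding the database password
# is owned by the app's user and carries no group/other permission bits.
# check_secret_file is a hypothetical helper, not a Catalyst feature.

# Usage: check_secret_file PATH EXPECTED_UID
# Returns 0 when PATH is a regular file owned by EXPECTED_UID and
# inaccessible to group and others (mode 400 passes, 644 does not).
# Prints the reason to stderr and returns 1 otherwise.
check_secret_file() {
    file=$1
    want_uid=$2

    # Refuse symlinks and non-files: the permissions that matter are
    # those of the real file, and a missing file is also a failure.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "$file: not a regular file" >&2
        return 1
    fi

    # ls -ldn is POSIX; -n prints the numeric uid, so no name lookup is
    # needed. Fields: mode string, link count, uid, then the rest.
    read -r mode _links uid _rest <<EOF
$(ls -ldn -- "$file")
EOF

    # Characters 5-10 of the mode string are the group and other bits.
    case $mode in
        ????------*) ;;
        *) echo "$file: group/other access allowed ($mode)" >&2
           return 1 ;;
    esac

    if [ "$uid" != "$want_uid" ]; then
        echo "$file: owned by uid $uid, expected $want_uid" >&2
        return 1
    fi
    return 0
}
```

A start script could call it as `check_secret_file "$conf" "$(id -u "$app_user")" || exit 1`, where `$conf` and `$app_user` are whatever the deployment uses.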
