I have mine in an adaptor class singleton.

Just be aware using this approach means if there is an error and you have debug 
/ trace switched on it outputs the username and password in the debug output!

So always ensure you never leave these flags on when you publish the live 
version.

-----Original Message-----
From: Adam Witney [mailto:awit...@sgul.ac.uk]
Sent: 16 February 2015 17:25
To: The elegant MVC web framework
Subject: Re: [Catalyst] Where best to store database connection information?


Hi,

Thanks for your replies.

I guess my question was more about any security issue of having the database 
username/password stored in a text file.  And what do people consider best 
practice for this from a security point of view?

Thanks

Adam


> -----Original Message-----
> From: Octavian Rasnita [mailto:orasn...@gmail.com]
> Sent: 16. februára 2015 17:10
> To: The elegant MVC web framework
> Subject: Re: [Catalyst] Where best to store database connection
> information?
>
> Catalyst uses Config::General to read .conf files. If Config::General
> is configured with the option -UseApacheInclude, then you can use an
> apache "include file.conf" in the .conf file to include another file
> from another directory which is not saved by git.
>
> Or the option -IncludeDirectories can be also useful so all the files
> from the given directory will be included.
>
> --Octavian
>
> ----- Original Message -----
> From: "David Schmidt" <davew...@gmx.at>
> To: "The elegant MVC web framework" <catalyst@lists.scsys.co.uk>
> Sent: Monday, February 16, 2015 6:22 PM
> Subject: Re: [Catalyst] Where best to store database connection
> information?
>
>
> > the catalyst configloader can load more then just one file.
> >
> > by default it loads "myapp.conf"
> >
> > if a file named "myapp_local.conf" exists it is loaded aswell.
> >
> > docs:
> > https://metacpan.org/pod/distribution/Catalyst-Plugin-
> ConfigLoader/lib/Catalyst/Plugin/ConfigLoader/Manual.pod#Using-a-local
> -
> configuration-file
> >
> > On 16 February 2015 at 15:42, Adam Witney <awit...@sgul.ac.uk> wrote:
> >> Hi,
> >>
> >> I have a Catalyst / DBIx::Class application and I have been storing
> >> the database connection parameters in a config file which is
> >> sourced using MYAPP_CONFIG_LOCAL_SUFFIX. But this seems a bit of a
> >> security
> problem
> >> having the main password in a text file like this, especially if it
> >> goes into git.
> >>
> >> Is there a recommended or best practice place to store database
> >> connection information?
> >>
> >> Thanks for any help
> >>
> >> Adam
> >>
> >> _______________________________________________
> >> List: Catalyst@lists.scsys.co.uk
> >> Listinfo:
> >> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> >> Searchable archive:
> >> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> >> Dev site: http://dev.catalyst.perl.org/
> >
> > _______________________________________________
> > List: Catalyst@lists.scsys.co.uk
> > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> > Searchable archive:
> > http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> > Dev site: http://dev.catalyst.perl.org/
>
>
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/

_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
This Email and any attachments contain confidential information and is intended 
solely for the individual to whom it is addressed. If this Email has been 
misdirected, please notify the author as soon as possible. If you are not the 
intended recipient you must not disclose, distribute, copy, print or rely on 
any of the information contained, and all copies must be deleted immediately. 
Whilst we take reasonable steps to try to identify any software viruses, any 
attachments to this e-mail may nevertheless contain viruses, which our 
anti-virus software has failed to identify. You should therefore carry out your 
own anti-virus checks before opening any documents. HomeLoan Partnership will 
not accept any liability for damage caused by computer viruses emanating from 
any attachment or other document supplied with this e-mail. HomeLoan 
Partnership reserves the right to monitor and archive all e-mail communications 
through its network. No representative or employee of HomeLoan Partnership has 
the authority to enter into any contract on behalf of HomeLoan Partnership by 
email. HomeLoan Partnership is a trading name of H L Partnership Limited, 
registered in England and Wales with Registration Number 5011722. Registered 
office: Pharos House, 67 High Street, Worthing, West Sussex, BN11 1DN. H L 
Partnership Limited is authorised and regulated by the Financial Conduct 
Authority.

_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Reply via email to