If the application is owned by another user than root (as recommended) and
it is kept in a directory with limited permissions, then other users won't
have access to it.
The root will have access, but it would have access to anything on that
server...
--Octavian
----- Original Message -----
From: "Adam Witney" <awit...@sgul.ac.uk>
To: "The elegant MVC web framework" <catalyst@lists.scsys.co.uk>
Sent: Monday, February 16, 2015 7:24 PM
Subject: Re: [Catalyst] Where best to store database connection information?
Hi,
Thanks for your replies.
I guess my question was more about any security issue of having the database
username/password stored in a text file. And what do people consider best
practice for this from a security point of view?
Thanks
Adam
-----Original Message-----
From: Octavian Rasnita [mailto:orasn...@gmail.com]
Sent: 16. februára 2015 17:10
To: The elegant MVC web framework
Subject: Re: [Catalyst] Where best to store database connection
information?
Catalyst uses Config::General to read .conf files. If Config::General is
configured with the option -UseApacheInclude, then you can use an apache
"include file.conf" in the .conf file to include another file from another
directory which is not saved by git.
Or the option -IncludeDirectories can be also useful so all the files from
the
given directory will be included.
--Octavian
----- Original Message -----
From: "David Schmidt" <davew...@gmx.at>
To: "The elegant MVC web framework" <catalyst@lists.scsys.co.uk>
Sent: Monday, February 16, 2015 6:22 PM
Subject: Re: [Catalyst] Where best to store database connection
information?
> the catalyst configloader can load more then just one file.
>
> by default it loads "myapp.conf"
>
> if a file named "myapp_local.conf" exists it is loaded aswell.
>
> docs:
> https://metacpan.org/pod/distribution/Catalyst-Plugin-
ConfigLoader/lib/Catalyst/Plugin/ConfigLoader/Manual.pod#Using-a-local-
configuration-file
>
> On 16 February 2015 at 15:42, Adam Witney <awit...@sgul.ac.uk> wrote:
>> Hi,
>>
>> I have a Catalyst / DBIx::Class application and I have been storing the
>> database connection parameters in a config file which is sourced using
>> MYAPP_CONFIG_LOCAL_SUFFIX. But this seems a bit of a security
problem
>> having the main password in a text file like this, especially if it
>> goes
>> into git.
>>
>> Is there a recommended or best practice place to store database
>> connection information?
>>
>> Thanks for any help
>>
>> Adam
>>
>> _______________________________________________
>> List: Catalyst@lists.scsys.co.uk
>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> Searchable archive:
>> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>> Dev site: http://dev.catalyst.perl.org/
>
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive:
http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
