[EMAIL PROTECTED] (Dave Feinberg) writes:
> I have a security related question. How does one deal with database
> security such as connect usernames and passwords in plain text perl scripts?
> Obviously encoding them directly into the scripts is not optimal. This also
> makes it difficult to alter all these scripts if you need to change a
> password. Considerations are to use perl bytecode, and then the passwords
> are harder to get. Or possibly to store them encrypted and then read them
> in, but of course then they can always be decrypted if someone can access the
> computer. Really I think ultimately the answer is you are relying on the
> security of the physical machine. But at least having them in one place
> makes it easier if you change them. Just curious about what your thoughts
> might be, what is the most effective solution you have found for the amount
> of work it takes.

What I usually do is have a text file that is readable only by the UID who will own the process, and have that database account have only the minimum privileges needed.

Another approach is to have each user of your application have his/her own database account, and use the password that the user supplies for the database connection. You could have a "generic" account with read-only permissions in the database, whose password therefore doesn't need to be as strictly protected.

--Bill.

-- 
William R Ward [EMAIL PROTECTED] http://www.wards.net/~bill/
-----------------------------------------------------------------------------
If you're not part of the solution, you're part of the precipitate.
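
The first approach in the reply above (a credentials file readable only by the UID that owns the process), sketched as an added example that is not part of the original thread. The path `/etc/myapp/db.cred`, the `key=value` file layout and the `load_credentials` helper are assumptions made for illustration; DBI is assumed to be installed with a suitable driver.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl ':mode';    # S_IMODE, S_ISREG
use DBI;              # assumption: DBI and a DBD driver are installed

# Hypothetical path. The file holds key=value lines (dsn, user, password)
# and is created with mode 0600, owned by the UID that runs this script.
my $CRED_FILE = '/etc/myapp/db.cred';

# Read credentials, refusing a file that any account other than this
# process's effective UID could read or modify.
sub load_credentials {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "cannot open $path: $!\n";
    # stat the open handle rather than the path, so the permission check
    # and the read apply to the same file.
    my @st = stat($fh) or die "cannot stat $path: $!\n";
    my ($mode, $owner) = @st[2, 4];
    die "$path is not a regular file\n" unless S_ISREG($mode);
    die sprintf("%s is owned by uid %d, expected %d\n", $path, $owner, $>)
        unless $owner == $>;
    die sprintf("%s has mode %04o; group/other access must be removed\n",
                $path, S_IMODE($mode)) if S_IMODE($mode) & 0077;

    my %cred;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(?:#|$)/;       # skip comments and blank lines
        my ($k, $v) = split /=/, $line, 2;    # values may contain '='
        die sprintf("%s: malformed line %d\n", $path, $.) unless defined $v;
        $k =~ s/^\s+|\s+$//g;
        $cred{$k} = $v;
    }
    close $fh;
    for my $need (qw(dsn user password)) {
        die "$path: missing '$need'\n" unless defined $cred{$need};
    }
    return \%cred;
}

my $c = load_credentials($CRED_FILE);
# The account named in the file should hold only the privileges this
# script needs, so a leaked file exposes as little as possible.
my $dbh = DBI->connect($c->{dsn}, $c->{user}, $c->{password},
                       { RaiseError => 1, PrintError => 0 });
```

Keeping the credentials in one file also means a password change touches that file only, not every script that connects.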
