One thing that's possible here is to put passwords into an encrypted Perl module. Perl supports compile time filtering and I've seen people use this to hide passwords or even to hide their entire set of source. But I've never done it myself (yet).
The place to look if you're interested in that is in the 'perlfilter' docs that come with your Perl distribution.

The idea I had was to create a Perl module just for passwords that need encrypting and filter just that one module. I was also considering whether I could somehow identify encrypted values anywhere and just filter those ... it seems possible by writing a filter that filters only when it sees certain source code constructs and passes the rest through untouched, but I'm not sure.

If you do this, I'd be interested in the results. I tend to stress the 'Lazy' part of Perl's three programmer virtues: Laziness, Hubris, and Impatience. 8-)

----
Steve Sapovits
GSI Commerce
Work Email: [EMAIL PROTECTED]
Home Email: [EMAIL PROTECTED]
Work Phone: 610-491-7087
Cell: 610-574-7706
Pager: 877-239-4003

> -----Original Message-----
> From: John Saylor [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, October 22, 2002 2:09 PM
> To: John Gedeon
> Cc: [EMAIL PROTECTED]
> Subject: Re: Hiding the db password
>
> Hi
>
> ( 02.10.22 11:02 -0700 ) John Gedeon:
> > Is there a way to hide the passwords in a file so that perl can still
> > connect to the db but not allow anyone but me and maybe my supervisor
> > to see the password?
>
> Not really cleanly.
>
> If you're on a UN*X system, you can use file permissions to minimize
> exposure. The problem is that the webserver user needs to read the
> password, so anyone who can run as that user can read the password.
>
> You could have it in an environment variable that gets populated from an
> encrypted string when the webserver starts. This means that it's in
> plaintext in memory and the key for the decryption either needs to be
> entered by an operator or somewhere on the filesystem [which puts you in
> the same dilemma you are in now (more or less)].
>
> > "Trust in the Lord with all your heart and lean not on your own
> > understanding;"
>
> Well, I prefer to RTFM.
>
> --
> ..--- ...
