On Thu, 20 May 2004, Ghassemi, Seyed-Jafar wrote: > Hi, > > Could you please tell me if the password in the following statement is > encrypted ? > > DBI->connect (dbDriver, User, Password, x)
probably not. > > If not, how can we achieve this ? > 1. SSL certs if the DB supports it. 2. use something like mysql config files if your DB supports it. 3. read the password from stdin when your application starts. 4. Crypt::Blowfish, but then how do you protect your key? 5. Create an account with limited access to your database, so that even if the password were to get out, it would not have much of a problem. 6. Have process connect to the db and then (fork or drop privs). 7. &c. &c. &c. Rudy
