On Mon, 04 Jul 2005 15:04:43 -0700, Dean Arnold wrote:

Hi Dean

> Also, I'm not sold on the idea that a ~/.dbi file is particularly
> secure in that regard. Not necessarily opposed, just not convinced
> it's the right solution. (I don't like cleartext passwords either,
> but due to the variance in DBMS's authentication methods, I don't
> know if DBI can solve that problem).

Same here.

I wrote Javascript::(MD5, SHA1) and CGI::Session::MembersArea to encourage
(myself) sending only encrypted passwords across the net, and for storing them
outside the code. And even though I'm not 100% happy (the latter module is
definitely awkward to use, although that's perhaps par for the course with
security) it's given me some small insight into these problems.

And in the end, delivering a password for DBI to use to connect does not seem to
me to be DBI's responsibility.

And, yes, I too hear both MD5 and SHA1 are attackable, but that's not the point
here.
--
Cheers
Ron Savage, [EMAIL PROTECTED] on 5/07/2005
http://savage.net.au/index.html
Let the record show: Microsoft is not an Australian company

