> Hi, > > whats the best way to secure your config file which stores the database > password etc.? We are storing all these information in an extra file but > at the moment you can view this file with your browser if you know where > it lies. Should I exclude this file through the httpd/vhost config or is > there a another way with mason to do so?
TMTOWTTD,.. but I used to put such credentials in to PerlSetVar statements in a passwords.conf or similar that I include from my httpd.conf. I then just ensure that filesystem permissions are safe and secure. By default (and any other sane default) configuration, your Apache conf/ directory would not be browable through your webserver either. Alternatively, set them in some globals in your startup.pl maybe, or hand off the entire creation of your database connection to a hand rolled perl module which can take care of keeping your credentials safe. Alternatively again, if you just want to hide some files in your document root, use a FilesMatch block like is probably used to hide your .ht* files from snooping eyes. HTH Neech > Greets > Stephan > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys-and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Mason-users mailing list > Mason-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/mason-users > -- Nicola Worthington http://perlgirl.org.uk [EMAIL PROTECTED] ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Mason-users mailing list Mason-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mason-users
