On Wed, 13 Oct 1999, Oleg Bartunov wrote:
> Hi,
>
> I'm developing a Web application with a database (postgres) backend
> and would like to know what is the right and secure way to establish
> a connection to the database. I worry about the password which has to be
> specified in DBI->connect. There are many scripts, .htaccess and
> I don't want to spread the password, even if I could maintain
> file access permissions. Previously, I just used environment
> variable DBI_DSN (in httpd.conf) to describe database and used
> DBI->connect() method to access database. It was very convenient
> because you have only one place in http.conf where you configure
...
What we do in this sort of situation is to just create a package containing
utility functions (e.g.: for project "Foo", we might put utility functions
into the package Foo::Util). In Foo::Util, we put (among other things):
------
use DBI;
sub dbi_connect {
    return DBI->connect(.... connection args ...);
}
-----
Then whenever we need the connection in a Registry script, a pure mod_perl
handler, or anything else, we just say:
use Foo::Util;
my $dbh = Foo::Util::dbi_connect();
This seems to work fine for us. It meets the requirements you state as
having the connection password in just one place as well.
I personally don't think that putting the password into the environment is
such a good idea. Too much potential for someone to steal it.
Regards,
Mike
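
Added example, not part of the original message or of any project's code: one way to write the Foo::Util package described above so the password lives in a single file rather than in the environment or in each script. The path /etc/foo/db.conf, the "key = value" file format and the helper _load_credentials are assumptions made for illustration.

```perl
package Foo::Util;
# Added example: one place for the connection secret, kept out of %ENV.
use strict;
use warnings;
use DBI;
use Fcntl qw(:mode);

# Hypothetical path (assumption): outside the document root, owned by the
# user the web server runs as, mode 0600. Constructed sample contents:
#   dsn      = dbi:Pg:dbname=foo
#   user     = foo_web
#   password = example-only
our $CRED_FILE = '/etc/foo/db.conf';

# Parse "key = value" lines and refuse a file that group or other can
# read, write or execute, so a loosened permission fails loudly.
sub _load_credentials {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "cannot open $path: $!\n";
    my @st = stat($fh) or die "cannot stat $path: $!\n";
    die "$path must not be accessible by group/other\n"
        if $st[2] & (S_IRWXG | S_IRWXO);
    my %cfg;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#|$)/;          # skip comments and blanks
        my ($k, $v) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/
            or die "$path: malformed line $.\n";
        $cfg{$k} = $v;
    }
    close $fh;
    for my $need (qw(dsn user password)) {
        die "$path: missing '$need'\n" unless defined $cfg{$need};
    }
    return \%cfg;
}

# The only place in the application that ever sees the password.
sub dbi_connect {
    my $c = _load_credentials($CRED_FILE);
    # RaiseError: a failed connect throws instead of returning undef.
    return DBI->connect($c->{dsn}, $c->{user}, $c->{password},
                        { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
}

1;
```

Callers use it exactly as in the message: Foo::Util::dbi_connect() returns the handle, and no script, .htaccess file or httpd.conf entry carries the password.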