Hi,

I'm developing a Web application with a database (postgres) backend
and would like to know what is the right and secure way to establish a
connection to the database. I worry about the password which has to be
specified in DBI->connect. There are many scripts, .htaccess files and
I don't want to spread the password, even if I could maintain
file access permissions. Previously, I just used the environment
variable DBI_DSN (in httpd.conf) to describe the database and used the
DBI->connect() method to access the database. It was very convenient
because you have only one place in httpd.conf where you configure
connection stuff. You can even omit any connection stuff in .htaccess.
I use Mason and in all components I use the database handler already
defined in Mason's handler. This is ok if the database you work with
doesn't require a password for connection. Now I need to figure
out how to keep my work simple (as above) and specify the password
in one place, which I for sure could keep secure.
There is a possibility to use the environment variable DBI_PASS in httpd.conf
but obviously it's very dangerous and this doesn't work for some
reason - DBI->connect failed, while DBI_PASS is there and
a shell script works fine (Edmund, have you tried the DBI_PASS env. variable?)
Anyway, it's not a secure way and I'm asking for your recommendation.


        Regards,

                Oleg


_____________________________________________________________
Oleg Bartunov, sci.researcher, hostmaster of AstroNet,
Sternberg Astronomical Institute, Moscow University (Russia)
Internet: [EMAIL PROTECTED], http://www.sai.msu.su/~megera/
phone: +007(095)939-16-83, +007(095)939-23-83
