i am not a Windos guy and i am limited on what i know about ODBC. but why
not put your id and password in a config file so that your connect
statement will look like:
$dsn = <get from config>
$usr = <get from config>
$psw = <get from config>
my $db = new Win32::ODBC("fileDSN=$dsn; uid=$usr; psw=$psw");
that should avoid the horrifying "listing" effect...
you will put the config file somewhere restricted from outside access. of
course, it probably doesn't stop anyone(other developers, users of your
machine) whois using your system from opening the config file manually.
david
Brian Gilbert wrote:
> I asked earlier about a way to hide my password in the script, when
> calling an SQL connection with a line like:
>
> my($db) = new Win32::ODBC("fileDSN=myodbc.dsn; uid=myID; pwd=mysecret");
>
> No answers, so let me ask another way: what steps should we take to keep
> our scripts and embedded passwords safe from prying eyes?
>
> I've found very little on how to secure my cgi scripts on the server.
> Once I moved them to a new server and was horrified to find that when they
> were called by http, they gave a listing instead of running!
>
> So, what SHOULD we be doing? Any pointers or links?
>
>
> -Brian
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
