Re: How to secure database password? (was Re: Perl/DBI newbie: password stora...

Wed, 17 Sep 2003 06:42:23 -0700 

The only solutions I've discovered is:
 ( for less secure tables)
1. Crypt the password
2. Put it into directory not in the public domain 
3. Set the permissions set only for your scripts.

 ( for more secure tables)
1.  I would gather sensitive info last if possible.
2.  Do not put the password on the server.  
3.  It would have to gathered with a form and you have to have ssl.  Then 
track the password and page state with  javascript.  Always use post in your 
forms method attribute.  Any links on your page should have a target attribut of 
_blank so as not to lose tracking or display the password in the address bar.

If you find any other solutions please let me know.

Here is some javascript that I use for maintaining state in my scripts.  
Alter the script  to your own variables where applicable.

*******************             Maintaining page state      
**************************
function setpage(){
// append the links with thier email
//document.write(document.links.length+" links <BR>");
var sep = "&";
for(var i=0;i<document.links.length;i++){
  if(document.links[i].href.indexOf("?") == -1){
   sep = "?";
  }
  else{sep = "&";
  }
  if((document.links[i].href.indexOf("paypal") == -1) && 
(document.links[i].href.indexOf("UpSeason") == -1)){
  document.links[i].href=document.links[i].href+sep+"Cemail="+Cemail+"&
demo="+demo+"&season="+season;
}

}

for(var i=0;i<document.forms.length;i++){
  if(document.forms[i]){
    for(var k=0;k<document.forms[i].elements.length;k++){
      if(document.forms[i].elements[k].name == "Cemail"){
        if(Cemail == ""){Cemail = document.forms[i].Cemail.value;}
        document.forms[i].Cemail.value = Cemail;
      }
      if(document.forms[i].elements[k].name == "season"){
        if(season == ""){season = document.forms[i].season.value;}
        document.forms[i].season.value = season;
      }

 if(document.forms[i].elements[k].name == "demo"){
//try to set the value first if it's empty
      if(demo == ""){demo = document.forms[i].demo.value;}
      document.forms[i].demo.value = demo;
    }
    }
  }
}
}
****************************          end     
**********************************

CGI.pm also maintains state if a variable is repeatedly called.

Also you would have to have a separate table for each user.

Reply via email to