In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Perl.Org) writes:
>On 8 Jul 2004 13:41:28 -0000, Peter Scott wrote
>> Also, look at the RaiseError property of DBI connections. I gave up
>> referring to DBI::errstr some years ago.
>
>Looks good, except I think I noticed yesterday that if the error is actually
>connecting to the database, errstr may contain the username and password,
>which may then be visible to the user. Since RaiseError seems to always die
>with errstr, I guess I can put eval around that, or is there a best practice
>in that area?
Assuming this is run in a context where the user does not have read access
to the program and shouldn't know the password, I usually wrap the entire
thing in an eval {} and then tell the user, "Sorry, something went wrong;
the developers have been notified," while mailing $@ to myself. And
doing a s/// on $@ before mailing it to remove anything looking like a
password.
--
Peter Scott
http://www.perldebugged.com/
*** NEW *** http://www.perlmedic.com/
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
