In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Perl.Org) writes: >On 8 Jul 2004 13:41:28 -0000, Peter Scott wrote >> Also, look at the RaiseError property of DBI connections. I gave up >> referring to DBI::errstr some years ago. > >Looks good, except I think I noticed yesterday that if the error is actually >connecting to the database, errstr may contain the username and password, >which may then be visible to the user. Since RaiseError seems to always die >with errstr, I guess I can put eval around that, or is there a best practice >in that area?
Assuming this is run in a context where the user does not have read access to the program and shouldn't know the password, I usually wrap the entire thing in an eval {} and then tell the user, "Sorry, something went wrong; the developers have been notified," while mailing $@ to myself. And doing a s/// on $@ before mailing it to remove anything looking like a password. -- Peter Scott http://www.perldebugged.com/ *** NEW *** http://www.perlmedic.com/ -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>