Amit Saxena wrote:
> 
> Let me explain the scenario in detail.
> 
> My application uses Perl-DBI and at present I have encoded my username and
> password in the perl program. Now, as my
> testing is over, I would like to publish this code to my team so that they
> can checkout the latest version from the pvcs and
> use it.
> 
> The problem comes now only. I want the application to use their
> username/password pair instead of mine. That's the
> reason, I don't want to put my hardcoded username and password in my file.
> 
> There could be some ways as a way around which I have listed below but none
> of them is the best :-
> 
> 
>    - *Put username and password through environment variable* : bad idea to
>    use environment variables here
>    - *Ask at runtime* : I would like my application to run without user
>    input at runtime.

There isn't much point in using both the user name and the password for
encryption - just the password on its own should be enough. But there's also no
way of obtaining a user's password from a program - it wouldn't be much of a
security system if there was!

I suggest you give your people the option of either setting an environment
variable to define the encryption key or, if the relevant variable is found to
be unset, entering it from the keyboard. That way the compromise between
security and convenience is their choice.

Rob
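
The fallback suggested in the reply above, sketched in Perl as an added example (not code from the thread): the key comes from an environment variable if one is set, and is otherwise read from the keyboard with echo turned off. The variable name `MYAPP_DB_KEY` and the function name are hypothetical, and `Term::ReadKey` is a CPAN module that must be installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Term::ReadKey;    # CPAN module: ReadMode/ReadLine for no-echo input

# Hypothetical variable name, chosen for this example only.
my $KEY_ENV_VAR = 'MYAPP_DB_KEY';

sub get_encryption_key {
    # 1. Use the environment variable if the user chose to set it.
    #    delete() removes it from %ENV so child processes do not inherit it.
    my $key = delete $ENV{$KEY_ENV_VAR};
    return $key if defined $key && length $key;

    # 2. Otherwise ask at the keyboard, but only when there is one.
    #    Under cron or with redirected input, fail with a clear message.
    die "$KEY_ENV_VAR is not set and STDIN is not a terminal\n"
        unless -t STDIN;

    # Put the terminal back into echo mode if the user presses Ctrl-C.
    local $SIG{INT} = sub { ReadMode('restore'); print STDERR "\n"; exit 130 };

    print STDERR "Encryption key: ";
    ReadMode('noecho');                  # typed characters are not displayed
    $key = eval { ReadLine(0) };         # blocking read of one line
    my $err = $@;
    ReadMode('restore');                 # always restore the terminal state
    print STDERR "\n";
    die $err if $err;

    die "No key entered\n" unless defined $key;
    chomp $key;
    die "Empty key\n" unless length $key;
    return $key;
}

my $key = get_encryption_key();
# $key would now be used to decrypt the stored database password before
# calling DBI->connect; that step depends on the cipher in use and is
# outside what the thread describes.
print STDERR "Key obtained.\n";
```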
