On February 18, 2004 9:58 pm, Cees Hek wrote:
> Scott Prelewicz wrote:
> > going to be using CGI::App. What is the best way to go about DB
> > connections? IE, the MySQL un/pw, host, etc. Should I store these in
> > each Instance Script and pass in to setup via PARAM =>? (I want to only
> > have to change the instance script for each Cart installation). Is a
> > config.txt (or something to that effect) the best way to go? Or maybe
> > including a config.pl, like Mr. Stosberg's cascade?
>
> DB passwords are a touchy thing to put in a config file. You definitely
> don't want to put them in every single instance script you create. It
> is best to keep it outside the document root of the webserver.

I started wondering why I hadn't worried about this before. Then I realised ... it's one of the benefits of OS-based authentication as opposed to DB-managed authentication. If you can turn on OS authentication (it's almost the only option for DB2, and I doubt many others even have thought about it), this may save you a bit of headache.

The downside that I see is that root will then have access without much thought; with Cees' method, they would actually have to read some Perl to figure out where to look. Neither is really a barrier to a malicious or hacked root account.

The upside is that you can assign the webserver's account (often "apache") to have full access to the db, plus whichever other users, and the fact that the script is running as "apache" means that it has access without any further need for user or password.

The other downside might be that DB2 may be the only DB vendor to have this ability at the moment, and DB2 isn't free like MySQL.
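
The advice quoted above (keep the DB password in one file outside the document root), as an added example that is not part of the original thread: a loader that refuses a config file the web server could serve or that any local user could access. The function name, key names, paths and sample values are assumptions made for this example.

```perl
use strict;
use warnings;
use Cwd qw(abs_path);
use Fcntl qw(:mode);
use File::Temp qw(tempdir);
# In a CGI::Application instance script only the path would be passed, e.g.
#   MyApp->new(PARAMS => { cfg_file => '/etc/cart/db.conf' })->run;
# (MyApp, cfg_file and the path are hypothetical names for this example.)
sub load_db_config {
    my ($cfg_file, $docroot) = @_;
    my $real = abs_path($cfg_file);
    die "config file not found: $cfg_file\n" unless defined $real && -f $real;
    my $root = abs_path($docroot);
    die "document root not found: $docroot\n" unless defined $root && -d $root;
    # Compare resolved paths so a symlink into the docroot is caught too.
    die "refusing $real: inside document root $root\n"
        if index("$real/", "$root/") == 0;

    # Owner (and optionally group) access only: no bits set for "other".
    my @st = stat($real) or die "cannot stat $real: $!\n";
    my $mode = S_IMODE($st[2]);
    die sprintf("refusing %s: mode %04o grants access to other users\n", $real, $mode)
        if $mode & S_IRWXO;

    open my $fh, '<', $real or die "cannot open $real: $!\n";
    my %cfg;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#.*)?$/;          # skip comments and blanks
        my ($k, $v) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/
            or die "bad line $. in $real\n";       # never echo the line itself
        $cfg{$k} = $v;
    }
    close $fh;
    for my $need (qw(dsn user password)) {
        die "missing '$need' in $real\n" unless defined $cfg{$need};
    }
    return \%cfg;
}

# Constructed demo: a throwaway tree standing in for a real installation.
my $base = tempdir(CLEANUP => 1);
mkdir "$base/htdocs" or die $!;
for my $f ("$base/htdocs/db.conf", "$base/db.conf") {
    open my $out, '>', $f or die $!;
    print $out "# constructed values\ndsn = dbi:mysql:cart\nuser = cart\npassword = example-only\n";
    close $out or die $!;
    chmod 0600, $f or die $!;
    my $cfg = eval { load_db_config($f, "$base/htdocs") };
    print $cfg ? "loaded $f (dsn $cfg->{dsn})\n" : "rejected: $@";
}
```

The copy under `htdocs` is rejected and the copy beside it is loaded; a file owned by root with the web server's group and mode 0640 also passes the permission check.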
