( 02.10.22 11:02 -0700 ) John Gedeon:
Is there a way to hide the passwords in a file so that perl can still
connect to the db but not allow anyone but me and maybe my supervisor
to see the password?

Not really cleanly.

If you're on a UN*X system, you can use file permissions to minimize
exposure. The problem is that the webserver user needs to read the
password, so anyone who can run as that user can read the password.

You could have it in an environment variable that gets populated from an
encrypted string when the webserver starts. This means that it's in
plaintext in memory and the key for the decryption either needs to be
entered by an operator or somewhere on the filesystem [which puts you in
the same dilemma you are in now (more or less)].

I agree. In a mod_perl environment, your best bet is to write some small piece of perl code in your httpd.conf:

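<Perl>
# Evaluated while httpd.conf is read at server startup: prompt on the
# terminal and keep the password in a package variable for later use.
print STDOUT "Enter database password: ";
$DATABASE::PASSWORD = <STDIN>;
# Remove the trailing newline from the typed input.
chomp($DATABASE::PASSWORD);
</Perl>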


and in your perl script, just use $DATABASE::PASSWORD as the password.
The only thing is that on restart of the webserver you always have to pass in the database password.

H


