Assuming you create a Perl module outside of the webserver's document root, the tricky thing is that for cgi scripts, the user that the web server is running as needs at least "read" access to that file that contains the DB passwords.
What platform are you on? Assuming a *nix platform, I suppose you could create a group (just_us) that would consist of you, your boss, and the user the webserver runs under, and then

    /var/our_perl_modules
    ---------------------
    DB.pm - contains the DB password $my_db_pw

have DB.pm file owner "john", group "just_us", and have permissions 750 (read, write, execute for owner, and read, execute for group, and nothing for world)

    /var/www/cgi-bin/my_script.cgi
    ------------------------------
    use lib '/var/our_perl_modules';
    use DB;
    ...
    my $dbh = DBI->connect($dsn, $DB::my_db_user, $DB::my_db_pw,
        { RaiseError => 1, PrintError => 0, AutoCommit => 1 } );

Note: This is all off the top of my head - it is untested, and it wouldn't surprise me if it's not syntactically correct, but hopefully it shows you how it might be done.

Read up on Perl modules by doing

    perldoc perlmod

at a command prompt. Doing 'perldoc perl' I found these perldocs related to modules:

    perlmod         Perl modules: how they work
    perlmodlib      Perl modules: how to write and use
    perlmodstyle    Perl modules: how to write modules with style
    perlmodinstall  Perl modules: how to install from CPAN
    perlnewmod      Perl modules: preparing a new module for distribution

But if there are other administrators (with "root" access) on the machine, they'll be able to get at your DB.pm by just su'ing to one of the user accounts in the group.

I'm no security expert, and hopefully I haven't mis-stated anything (please correct me if I'm wrong), but maybe that gives you an idea or two.

One other thing - if your webserver is Apache, you might want to check out "suexec". That allows you to locate cgi scripts underneath a *regular* user's home directory, and run those scripts as that regular user (they won't run as the webserver user, they will actually run as the user whose home directory it is).

HTH.

--
Hardy Merrill
Senior Software Engineer
Red Hat, Inc.

John Gedeon [[EMAIL PROTECTED]] wrote:
> I write/maintain web applications at my job, and several of them are in
> perl and use the perl dbi to connect to an oracle db. however, the
> passwords are displayed in the files and are accessible by many people
> outside of our group (since all the cgi files are on servers accessible by
> many people.) Is there a way to hide the passwords in a file so that perl
> can still connect to the db but not allow anyone but me and maybe my
> supervisor to see the password?
> Thanks.
> John Gedeon
>
> <>< Proverbs 3:5 "Trust in the Lord with all your heart and lean not on
> your own understanding;"
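
An added example, not part of the original messages: a check that a CGI script could run before loading the credentials module, so that a module that has drifted to world-readable permissions or been copied under the document root is refused instead of used. The helper audit_secret_file, the module name SiteCreds, the temporary directory tree and the credential values are all assumptions constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Temp qw(tempdir);

# Return a list of problems; an empty list means the module may be loaded.
sub audit_secret_file {
    my ($path, $docroot) = @_;
    my @st = stat($path) or return ("cannot stat $path: $!");
    my $mode = $st[2] & 07777;
    my @problems;
    push @problems, sprintf("mode %04o gives access to 'other'", $mode)
        if $mode & 0007;
    push @problems, "group-writable, any group member could replace it"
        if $mode & 0020;
    my ($real, $root) = (abs_path($path), abs_path($docroot));
    push @problems, "file is inside the document root"
        if defined $root && index($real, "$root/") == 0;
    return @problems;
}

# Constructed sample: a throwaway tree standing in for /var/www and
# /var/our_perl_modules, with a stand-in credentials module.
my $dir = tempdir(CLEANUP => 1);
my ($docroot, $libdir) = ("$dir/www", "$dir/our_perl_modules");
mkdir $_ or die "mkdir $_: $!" for $docroot, $libdir;
my $module = "$libdir/SiteCreds.pm";
open my $fh, '>', $module or die "open $module: $!";
print {$fh} <<'EOF';
package SiteCreds;
our $my_db_user = 'app_user';       # constructed value
our $my_db_pw   = 'not-a-real-pw';  # constructed value
1;
EOF
close $fh or die "close $module: $!";

# 0750 is the mode from the message above; 0644 is a typical default.
for my $mode (0750, 0644) {
    chmod $mode, $module or die "chmod $module: $!";
    if (my @problems = audit_secret_file($module, $docroot)) {
        printf "%04o: refusing to load: %s\n", $mode, join('; ', @problems);
        next;
    }
    require $module;
    no warnings 'once';
    printf "%04o: loaded credentials for %s\n", $mode, $SiteCreds::my_db_user;
}
```

The check only covers file mode and location; as the reply notes, anyone with root on the machine can still read the module.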