andrew...@yahoo.com wrote: Not a 100% sure for MySql but I would think it is.
What happens first is the connection to the server is made in this case '$database:localhost:3306' and then internally the username and password are sent.
If someone can 'sniff' the connection between the perl program and the Server and if it is not encoded then yes it is in the clear. I know with DBD::Oracle this connection is encrypted (at least the Pw and UID) that same should be true of MySql as I think that is part of the SQL standard is it not??
cheers John
When connecting to a MySql server with DBI->connect: $dsn = "dbi:mysql:$database:localhost:3306"; $dbh = DBI->connect($dsn, $username, $password) is the password sent in the clear? If so, how can this be dealt with? I actually don't care about hiding the plaintext password in the perl source file or encrypting the connection with the database, I just don't want the world to see my password when it goes out over the network. Is that so much to ask for? I would think this would be an obvious issue but as far as I can tell, nobody has ever asked this question before in the history of the internet. Apparently a direct command line connection to a MySql server will not send the password in the clear: mysql -u andrew732 -p -h 123.456.789.876 but even that took me several hours of googling to figure out. I'm not new to Perl but I'm new to databases; is there a good reason that nobody seems to care about password security when it comes to databases? I would love to be enlightened! Thanks~
