Unix file permissions are better than command line or environment variables
at least (safe from ps snipping anyway)
On Feb 16, 2011 12:48 AM, "shawn wilson" <ag4ve...@gmail.com> wrote:
> On Feb 16, 2011 3:22 AM, "Bill Ward" <b...@wards.net> wrote:
>>
>> I generally put such things in a config file.
>
> I don't see how this would be more secure.
>
> Using sha1 (or something else in Crypt::) comes to mind as a better
> solution. Plain text files can be made pretty secure with SELinux but most
> won't.
>
> That said, I've got my db creds in a pm...
>>
>> On Tue, Feb 15, 2011 at 11:45 PM, Ivan Shmakov <i...@main.uusia.org> wrote:
>>
>> > BTW, what is the best current practice to pass ->connect ()
>> > $password to a command-line Perl script?
>> >
>> > Both specifying it via a command-line argument or via an
>> > environment variable (DBI_PASS) is insecure, as on some systems
>> > this information could easily be seen by the other users on the
>> > same host.
>> >
>> > Perhaps, some variation on Net::Netrc should be used instead?
>> >
>> > My primary interests currently are PostgreSQL, which can use
>> > Kerberos, and SQLite, which uses filesystem access rights
>> > instead, but just for the case…
>> >
>> > --
>> > FSF associate member #7257
>> >
>>
>>
>>
>> --
>> Check out my LEGO blog at http://www.brickpile.com/
>> View my photos at http://flickr.com/photos/billward/
>> Follow me at http://twitter.com/williamward
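
An added example, not code from any post in this thread: a Perl sketch of the config-file approach with Unix file permissions, which refuses a credentials file that other local users could read. The helper name `load_db_credentials`, the `key = value` file format and the sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempfile);

# Hypothetical helper: read "key = value" credentials from a file, refusing
# files that we do not own or that group/other users can access.
sub load_db_credentials {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "cannot open $path: $!\n";
    # stat the open handle, not the path, so the file checked is the file read
    my @st = stat($fh) or die "cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];
    die "$path is not a regular file\n" unless S_ISREG($mode);
    die "$path is not owned by the current user\n" unless $uid == $>;
    die sprintf("%s has mode %04o; expected no group/other access\n",
                $path, S_IMODE($mode))
        if S_IMODE($mode) & (S_IRWXG | S_IRWXO);
    my %cred;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(?:#|$)/;            # skip comments and blanks
        my ($k, $v) = split /\s*=\s*/, $line, 2;   # limit 2 keeps '=' in values
        $cred{$k} = $v;
    }
    close $fh;
    defined $cred{$_} or die "$path: missing '$_'\n" for qw(user password);
    return \%cred;
}

# Constructed demo: a temp file stands in for a per-user credentials file.
my ($tmp, $file) = tempfile(UNLINK => 1);
print {$tmp} "# constructed sample values\nuser = appuser\npassword = s3cret-example\n";
close $tmp;

chmod 0644, $file;                      # world-readable: must be refused
eval { load_db_credentials($file) };
print "0644: rejected: $@";

chmod 0600, $file;                      # owner-only: accepted
my $cred = load_db_credentials($file);
print "0600: loaded credentials for user '$cred->{user}'\n";
# The password then goes to DBI without appearing in argv or %ENV:
#   my $dbh = DBI->connect($dsn, $cred->{user}, $cred->{password}, { RaiseError => 1 });
```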
