note
kennethk
I probably should have included in the post that this is but one step in a defense-in-depth strategy. If one explicitly encodes a password in a Perl program, one must assume that password is fairly visible. There are more sophisticated ways of hiding that information (e.g., a password daemon), but ultimately any proof of identity is imperfect. The cost of the hurdles must be weighed against the value of the information. But simply moving the unencrypted file to a path still accessible to the web server userid still leaves the DB vulnerable.
<p>Thank you for describing so thoroughly the risks here. Detailed examples are very helpful in educating newer programmers, and I'm reading this as a rhetorical trick directed toward the GP.
<div class="pmsig"><div class="pmsig-712372">
<hr />
<p>#11929 First ask yourself `How would I do this without a computer?' Then have the computer do it the same way.</p>
</div></div>
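<p>The "file still accessible to the web server userid" point above is easy to get wrong in practice, so here is an added example (not code from the original post or from kennethk) showing the one cheap hurdle a Perl script can enforce for itself: refuse to use a credentials file unless it is owned by the effective uid and has no group/other permission bits. The file format (<code>key = value</code>), the function name <code>load_credentials</code>, and the sample credentials written to a temp file are all assumptions made for this demonstration.</p>

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempfile);

# Load DB credentials from a file that must be owned by the running user
# and readable by nobody else. Hypothetical "key = value" format; the
# real file layout is an assumption for this example.
sub load_credentials {
    my ($path) = @_;

    my @st = stat($path) or die "Cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];

    # Refuse if the file belongs to someone else: a planted copy under a
    # different owner should not be trusted just because it is readable.
    die "$path is owned by uid $uid, not by effective uid $>\n" if $uid != $>;

    # Refuse if group or other has any access. 0640 or 0644 would let the
    # web server userid (or any local user) read the password, which is
    # exactly the situation the post warns about.
    my $perms = S_IMODE($mode);
    die sprintf("%s has mode %04o; expected 0600 or stricter\n", $path, $perms)
        if $perms & (S_IRWXG | S_IRWXO);

    open my $fh, '<', $path or die "Cannot open $path: $!\n";
    my %cred;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(#|$)/;            # skip comments and blank lines
        my ($k, $v) = split /\s*=\s*/, $line, 2;
        $cred{$k} = $v if defined $k && defined $v;
    }
    close $fh;

    for my $key (qw(user password)) {
        die "$path is missing '$key'\n" unless defined $cred{$key};
    }
    return \%cred;
}

# Constructed sample credentials file (tempfile() creates it mode 0600,
# owned by the current uid, so the first load succeeds).
my ($tmp, $path) = tempfile();
print $tmp "# constructed sample\nuser = app\npassword = not-a-real-password\n";
close $tmp;

chmod 0600, $path;
my $cred = load_credentials($path);
print "mode 0600: loaded credentials for user '$cred->{user}'\n";

# Loosen the mode the way a careless "just move the file" fix might,
# and show the script refusing to use it.
chmod 0644, $path;
my $ok = eval { load_credentials($path); 1 };
print "mode 0644: rejected: $@" unless $ok;

unlink $path;
```

<p>This only raises the bar for <em>other</em> uids. If the CGI script itself runs as the web server userid, the file must be readable by that uid, and every other script the server runs under the same uid can read it too; that is the residual exposure the post describes, and the reason it points at a separate identity (a password daemon, or running the script under its own uid) as the next hurdle.</p>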