Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

(dkubb) Re: (2) Hiding passwords using DBI's DBI_DSN

by dkubb (Deacon)
on Feb 20, 2001 at 10:32 UTC ( [id://59597]=note: print w/replies, xml ) Need Help??


in reply to Hiding DBI Passwords?

I have a lesser known, but very interesting way of hiding a username and password from prying eyes, using only DBI, MySQL and Apache.

There are a few short steps to the process, but it is well worth it.

  1. Configure your httpd.conf

    Go into your Apache httpd.conf, add the following lines, and restart the web server:

    SetEnv DBI_DSN DBI:mysql:db_name;mysql_read_default_file=/etc/my.cnf

    This will set the DBI_DSN environment variable for all your CGI scripts, globally. The value inside the DBI_DSN variable is used if you do not pass in the first argument to DBI::connect. Any code where you create a DBI handle can now become:

    my $dbh = DBI->connect;

  2. Set your DBI handle attributes

    Before we move on, we will need to make sure of one thing: How do we set any of DBI's attributes? A common method of doing this is:

    my $dbh = DBI->connect(
  $dsn,
  $username,
  $password,
  { RaiseError => 1, ChopBlanks => 1, Taint => 1 }
);

    [download]

    It is actually possible to include your database handle attributes inside the DBI_DSN, like so:

    DBI:mysql(RaiseError=>1,ChopBlanks=>1,Taint=>1):db_name;mysql_read_default_file=/etc/my.cnf

    Before we go on, you may want to go back and tweak your DBI_DSN inside the httpd.conf using this knowledge.

  3. mysql_read_default_file

    You'll notice that in the DBI_DSN there is an attribute called mysql_read_default_file. This instructs MySQL where the location of the my.cnf configuration is that you'd like to use. The standard name for a MySQL configuration file is my.cnf.

  4. Make your own my.cnf

    Here is a sample /etc/my.cnf MySQL configuration file:

    [client]
username=my_username
password=my_password

    [download]

    Inside this file you simply specify the username and password to connect to the database. Make sure you chmod 400 this file, preferably as root, to ensure that no one else can read it.

That's it, that's all there is to it. In all future CGI scripts don't supply any arguments to DBI::connect, and MySQL will use the defaults you have configured. By utilizing several interesting features of DBI, MySQL and Apache you have now centralized your database and user management, as well as providing a secure storage method for your usernames and passwords.

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://59597]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chilling in the Monastery: (6)
As of 2024-04-16 13:24 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found