Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer

Re: hiding database passwords

by naChoZ (Curate)
on Dec 13, 2007 at 20:20 UTC ( #656908=note: print w/replies, xml ) Need Help??

in reply to hiding database passwords

moritz gave you the right answer. But if you're just looking for a simple way not to have to hard code a password into your script, I usually do something like this. I keep a file in my home directory, in this example ~/.ldap.secret, protect with file permissions so that only I (or root / administrator) can access the file, then run a snippet like this (which is probably more complicated than necessary):

my $ldap_password = fetch_ldap_password({ filename => $ENV{HOME} . '/. +ldap.secret' }); # ... # {{{ sub fetch_ldap_password # sub fetch_ldap_password { my $args = shift; die "No password file specified\n" unless defined $args->{filename +}; my $filename = $args->{filename}; my $password; open( PW, "<$filename" ) or die "Error opening bindpw file $filename: $!\n\n"; foreach ( <PW> ) { chomp; $password = $_; } return $password; }

This doesn't negate anything moritz said, the password is still essentially just sitting around to anyone with permission. But at least you don't have to hard code it. For a script that will be run by multiple people, the script should be using a database username that has been configured with adequate granted permissions on the database side itself to meet the needs of the script accessing the db.


Therapy is expensive. Popping bubble wrap is cheap. You choose.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://656908]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (2)
As of 2021-10-16 03:10 GMT
Find Nodes?
    Voting Booth?
    My first memorable Perl project was:

    Results (69 votes). Check out past polls.