John said:
Hi
When using MySQL with Perl and use
DBI you need to supply username, password
and database.
My question is this.
What is now considered the *best* method to prevent those three variables
being accessed by outsiders?
Running on a Linux server.
If you're using MySQL for a webserver and control everything on that
webserver, don't bother with a password; just use host-based
access-control. I do that when I write sample CGI programs on my laptop.
If you're writing CGI code that goes on some sort of shared-hosting service,
all you can do is make sure that your source-code is never accessible from
outside or readable by other users. Don't stick the password in a ".txt"
file; put it at the top of each ".cgi" file, or in a common "include.cgi"
or whatever.
If you're writing little scripts to work on a user-authenticated database,
just "chmod 400" your source-code. If you're worried about people
shoulder-surfing while you write your programs, set the password in
"~/.my.cnf" (remember: "chmod 400") and use code like the following:
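# Read the MySQL user and password from ~/.my.cnf (keep it "chmod 400")
my ($dbuser, $dbpass);
open(my $my_cnf, '<', "$ENV{HOME}/.my.cnf") or die "Cannot open ~/.my.cnf: $!";
while (<$my_cnf>) {
    # Option files allow optional whitespace around "="
    $dbuser = $1 if /^\s*user\s*=\s*(\S+)/;
    $dbpass = $1 if /^\s*password\s*=\s*(\S*)/;
}
close($my_cnf);
die "user or password missing from ~/.my.cnf" unless defined($dbuser) and defined($dbpass);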
I wish DBD::MySQL had an easier way to use the "default connect info" from
the command-line, environment variables, /etc/my.cnf and .my.cnf, but AFAIK
it doesn't (yet).
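
The "chmod 400" advice in the reply above can be enforced by the script itself. The following is an added example, not code from the original post: it refuses to read an option file unless it is a regular file owned by the current user with no group/other permission bits set, and it takes user and password only from the [client] section. The helper name load_client_credentials and the sample file contents are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl ':mode';
use File::Temp qw(tempfile);

# load_client_credentials() is a hypothetical helper name.
sub load_client_credentials {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "Cannot open $path: $!\n";
    # stat the open handle, not the path, so the permission check and the
    # read refer to the same file.
    my @st = stat($fh) or die "Cannot stat $path: $!\n";
    die "$path is not a regular file\n" unless S_ISREG($st[2]);
    die "$path is not owned by the current user\n" unless $st[4] == $>;
    die sprintf("%s has mode %04o; group/other bits must be clear\n",
                $path, S_IMODE($st[2])) if S_IMODE($st[2]) & 077;

    my (%cred, $section);
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:[#;].*)?$/;             # blank line or comment
        if ($line =~ /^\s*\[([^\]]+)\]/) { $section = lc $1; next }
        next unless defined $section && $section eq 'client';
        if ($line =~ /^\s*(user|password)\s*=\s*(.*?)\s*$/) {
            my ($key, $val) = ($1, $2);
            $val =~ s/^(["'])(.*)\1$/$2/;                # strip matching quotes
            $cred{$key} = $val;
        }
    }
    close($fh);
    die "user or password missing from [client] in $path\n"
        unless defined $cred{user} && defined $cred{password};
    return @cred{qw(user password)};
}

# Constructed sample option file; the values are placeholders.
my ($tmp, $file) = tempfile(UNLINK => 1);
print {$tmp} "[client]\nuser = appuser\npassword = \"example-only\"\n";
close($tmp);

chmod 0644, $file;                      # world-readable: must be refused
eval { load_client_credentials($file) };
print "0644 rejected: $@";

chmod 0400, $file;                      # owner read-only: accepted
my ($user, $pass) = load_client_credentials($file);
print "0400 accepted: user=$user, password length=", length($pass), "\n";
```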