
Re: [cgiapp] Newbie config question, mySQL, Sessions (again)


Scott Prelewicz wrote:
going to be using CGI::App. What is the best way to go about DB connections? I.e., the mySQL un/pw, host, etc. Should I store these in each Instance Script and pass in to setup via PARAM =>? (I want to only have to change the instance script for each Cart installation). Is a config.txt (or something to that effect) the best way to go? Or maybe including a config.pl, like Mr. Stosberg's cascade?

DB passwords are a touchy thing to put in a config file. You definitely don't want to put them in every single instance script you create. It is best to keep it outside the document root of the webserver.

Since you are using MySQL, I would recommend using a MySQL config file to hold the password for you and then provide that config file in the DSN you pass to DBI. Here is some pseudocode to illustrate this technique (this is from memory, so you would be wise to double check the parameter names):

use DBI;
# credentials come from the [client] section of the named file, not from this script
my $dsn = "DBI:mysql:test;mysql_read_default_file=/var/lib/mysql/my.cnf";
my $dbh = DBI->connect($dsn) or die "Cannot connect: $DBI::errstr";

Then in the my.cnf file you can place the following:

[client]
user="username"
password="my_password"

Make sure you chmod 400 this file, and make sure that only the webserver can read the file (even better, use suEXEC in the webserver and make your instance script run as another user than the webserver). If you do use suEXEC, you can choose the config file based on the user that is executing the script, i.e. if the script is executed by user 'cart' then use /var/lib/mysql/cart.cnf in the DSN.

This method allows you to be more lax with the permissions of your normal config file and instance scripts, but anyone who can log in as the user that your scripts are executed as can log into the database without a password (of course this is also a problem if you place the password directly in a perl config file!).

When dealing with storing passwords for programs to use there is always a compromise that has to be made. I find this method to work quite well though and it is generally more secure than placing it directly in the code.

Cheers,

Cees
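The per-user option file approach from the reply above, written out as a CGI::Application subclass. This is an added example, not code from the original post or from the CGI::Application project: cgiapp_init() derives the option file from the user the script is executing as (so under suEXEC the 'cart' user gets /var/lib/mysql/cart.cnf), refuses to proceed unless that file is a regular file owned by the same user with no group/other permission bits, and then lets DBD::mysql read the credentials through mysql_read_default_file. The directory /var/lib/mysql, the database name 'cart', the username-to-file naming scheme and the CartApp package name are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added example (not from the original post): pick the MySQL option file by
# the executing user, verify it is private to that user, then connect with
# DBD::mysql reading the [client] section so no password lives in Perl code.
package CartApp;
use strict;
use warnings;
use base 'CGI::Application';
use DBI;
use Fcntl ':mode';

my $CNF_DIR = '/var/lib/mysql';   # assumed location of the per-user *.cnf files

# Return "/var/lib/mysql/<user>.cnf" for the effective user, or die.
sub option_file_for_current_user {
    die "refusing to run as root\n" if $> == 0;
    my $user = getpwuid($>) or die "cannot resolve effective uid $>\n";
    # constrain the name so it cannot smuggle path components into the DSN
    die "unexpected user name '$user'\n"
        unless $user =~ /\A[a-z_][a-z0-9_-]{0,31}\z/;
    return "$CNF_DIR/$user.cnf";
}

# Die unless $path is a regular file, owned by the effective user, with no
# group/other permission bits (i.e. mode 0400 or 0600 as the reply suggests).
sub assert_private_file {
    my ($path) = @_;
    my @st = stat($path) or die "cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];
    die "$path is not a regular file\n"   unless S_ISREG($mode);
    die "$path is not owned by uid $>\n"  unless $uid == $>;
    die sprintf("%s is group/world accessible (mode %04o)\n", $path, $mode & 07777)
        if $mode & (S_IRWXG | S_IRWXO);
    return 1;
}

sub cgiapp_init {
    my $self = shift;
    my $cnf  = option_file_for_current_user();
    assert_private_file($cnf);
    # user/password are deliberately undef: DBD::mysql takes them from $cnf
    my $dsn = "DBI:mysql:database=cart;mysql_read_default_file=$cnf";
    my $dbh = DBI->connect($dsn, undef, undef, { RaiseError => 1, PrintError => 0 })
        or die "DB connect failed: $DBI::errstr\n";
    $self->param(dbh => $dbh);
}

sub setup {
    my $self = shift;
    $self->start_mode('start');
    $self->run_modes(start => sub { 'cart ok' });
}

1;
```

An instance script then only needs `use CartApp; CartApp->new->run;`, and moving the cart to another host means editing that host's cart.cnf rather than any Perl. The ownership and mode checks are what make the suEXEC split worthwhile: a world-readable cart.cnf gives the password to every local user, exactly the failure the reply warns about, so the script refuses to connect rather than silently using it.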


Any advice here is greatly appreciated. On an off topic note, I could also use advice on Sessions and such.

Thanks,

Scott



---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/suppressed/
             http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed






