[rt-devel] Re: DB_DBA_PASSWORD security
Olly Stephens
olly at scatcat.demon.co.uk
Fri Oct 11 14:21:25 EDT 2002
At 13:18 11/10/2002 -0400, Jesse Vincent wrote:
>Part of the cleanup for a proper installation procedure _will_ be
>pulling the DBA user and DBA password out of the main config file.
>They're only needed on setup, not at runtime. But RT's database
>password needs to be available to RT's tools.
Slash and a few other funky web-based perl thingies use the DBIx::Password
to manage this.
Basically, it creates a name -> db connection "password" file and stores it
in the module directory.
This way, applications just have to use the name of the service to obtain a
DB handle.
http://search.cpan.org/author/KROW/DBIx-Password-1.8/Password.pm
Doesn't really help security wise, but as you pointed out the best you can
do with passwords in this scenario is make sure the files they're in are
protected properly.
Olly
More information about the Rt-devel
mailing list