[rt-devel] Re: DB_DBA_PASSWORD security

Olly Stephens olly at scatcat.demon.co.uk
Fri Oct 11 14:21:25 EDT 2002

At 13:18 11/10/2002 -0400, Jesse Vincent wrote:

>Part of the cleanup for a proper installation procedure _will_ be
>pulling the DBA user and DBA password out of the main config file.
>They're only needed on setup, not at runtime.  But RT's database
>password needs to be available to RT's tools.

Slash and a few other funky web-based Perl thingies use the DBIx::Password to manage this. Basically, it creates a name -> db connection "password" file and stores it in the module directory. This way, applications just have to use the name of the service to obtain a DB handle.


Doesn't really help security-wise, but as you pointed out, the best you can do with passwords in this scenario is make sure the files they're in are protected properly.
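
The following is an added example, not part of the original message and not DBIx::Password's own code: a name -> connection lookup that refuses to read its credentials file unless the file is a regular file, owned by the current user, with no group or other access. The `name|dsn|user|password` file format, the function names and the sample values are assumptions constructed for this illustration.

```perl
#!/usr/bin/perl
# Added example (hypothetical helper, not DBIx::Password itself).
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempfile);

# Return a reason string if the file should not be trusted, else nothing.
sub creds_file_problem {
    my ($path) = @_;
    my @st = lstat($path) or return "cannot stat: $!";
    return "not a regular file (symlink or special file)" unless S_ISREG($st[2]);
    return "not owned by the current user" unless $st[4] == $>;
    my $mode = S_IMODE($st[2]);
    return sprintf("mode %04o allows group/other access", $mode)
        if $mode & (S_IRWXG | S_IRWXO);
    return;
}

# Look up a service name in the assumed "name|dsn|user|password" file.
sub lookup {
    my ($path, $name) = @_;
    if (my $why = creds_file_problem($path)) {
        die "refusing to use $path: $why\n";
    }
    open(my $fh, '<', $path) or die "open $path: $!\n";
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(?:#|$)/;    # skip comments and blank lines
        my ($n, $dsn, $user, $pass) = split /\|/, $line, 4;
        return { dsn => $dsn, user => $user, password => $pass }
            if defined $n && $n eq $name;
    }
    return;
}

# Constructed sample data: one entry, tried with a loose and a tight mode.
my ($tfh, $tmp) = tempfile(UNLINK => 1);
print {$tfh} "rt|dbi:mysql:rt3|rt_user|example-password\n";
close $tfh;
for my $mode (0644, 0600) {
    chmod $mode, $tmp or die "chmod: $!\n";
    my $c = eval { lookup($tmp, 'rt') };
    if ($c) { printf "%04o: ok, dsn=%s user=%s\n", $mode, $c->{dsn}, $c->{user} }
    else    { printf "%04o: %s", $mode, $@ }
}
```

The ownership and mode checks rely on POSIX file permissions, so they are only meaningful on Unix-like systems.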


